[revskill]

What if the situation is the provider doesn't have built-in DDos protection ?

[roncesvalles]

Well you just have to find a way to eat the traffic without using up too many resources. Rate-limit by IP, drop certain types of packets, cache aggressively, respond to 400 errors with empty response, timeout long-running requests etc.

[lxchase]

Depends what you are protecting. A website or http traffic? Stick it behind cloudflare. Services on other ports or protocols like TCP or UDP? You could rent a cheap VPS at a provider that DOES have inline protection and use that instance to reroute traffic to your own server via a GRE tunnel.

[bombcar]

Then you switch providers, go behind something like cloud flare, or contract with a DDoS protection provider (there aren’t many).

If it is an unimportant service you just suffer the DDoS or switch IPs.

Or you use a front end on a VPS that does have DDoS and use a IPv6 tunnel or tail scale to connect to your actual service.