| HN Mirror

Yes, it's a partial mitigator, but it isn't as complete of a solution as a CDN, for a number of reasons. For one thing, with Anubis your server is still responding to requests, so a full scale DDoS could potentially take you down without having to actually complete the PoW, they just have to make enough requests.

Using a CDN for DDoS typically has multiple levels of protection:

- caching reduces load on your server

- In the event of a (D)DoS attack, the cdn can absorb the attack traffic with their much higher capacity than your server(s)

- The CDN can block certain kinds of attacks, especially low level (D)DoS attacks without the traffic ever touching your servers

- Since the CDN fronts many sites, it can have more information about which IP addresss, and user agents are more suspicious. This one is a little controversial, because there is a conflict between getting an accurate profile of how suspicious a request is, and preserving the privacy of users.

- It may have built in support for some kind of bot detection, such as captcha or a proof of work. IDK about the free tier of cloudflare, but for paid offerings at least, this is usually optional.

In short, Anubis could be part of a DDoS mitigation plan, but if you are worried about a targeted attack, it probably isn't sufficient. And critical services are potentially a valuable target for attacks.