DDoS (Distributed Denial of Service) is a cyber attack where multiple compromised systems flood a target server with traffic, making it unavailable to legitimate users.

DDoS means Distributed Denial of Service - a type of cyber attack that uses multiple systems to overwhelm a target with traffic.

How does DDoS protection work?

DDoS protection works by filtering malicious traffic, rate limiting requests, and distributing load across multiple servers to maintain service availability.

How to hide your origin IP (step‑by‑step)

Mask your origin behind a protective edge and Secure DNS. This prevents direct L3/L4 attacks on your server.

Put an edge in front
Create a site/app at your edge provider (WAF/CDN). Point it at your origin via hostname, not raw IP, when possible.
Move DNS to the edge
Update A/AAAA/CNAME to the provider endpoints. Remove public A/AAAA that point directly at your origin hostnames.
Restrict direct origin access
Allowlist only provider networks (or a VPN) at your host/firewall. Block all public traffic hitting the origin IP.
Harden HTTPS
Force HTTP→HTTPS redirects and enable HSTS. Prefer HTTP/2/3. Set sane caching for static paths.
Validate
Use our scanner to confirm your origin IP isn’t visible in public DNS and that edge headers are present.

Run a free scan Open DDoS guide

How to hide your origin IP (step‑by‑step)

Put an edge in front

Move DNS to the edge

Restrict direct origin access

Harden HTTPS

Validate