ZyCDN enterprise private CDN brand logoZyCDN
LoginRegister

DDoS Protection

High-performance eBPF-based DDoS protection with nanosecond response

⚡ eBPF Kernel-Level Protection
🔗

IP Connection Limit

Limit concurrent connections per IP to prevent resource exhaustion. Supports custom connection thresholds and timeout settings.

🚫

Empty Connection Limit

Detect and block empty connection attacks and zombie connections to protect server connection resources.

⏱️

TTL Validation

TTL-based traffic validation to identify spoofed IP packets and reflection attack traffic, improving L4 defense accuracy.

🧩

Fragment Protection

Protect against IP fragmentation attacks and reassembly anomalies, blocking DDoS vectors exploiting fragmentation.

🌊

SYN Flood Protection

SYN Cookie technology for effective SYN flood defense with SYN proxy and connection rate limiting to ensure TCP service availability.

📡

UDP Flood Protection

UDP traffic scrubbing and abnormal packet filtering with rate limiting and source verification for UDP flood defense.

🔐

TLS Flood Protection

Protect against TLS handshake and SSL flood attacks with TLS connection rate limiting and handshake verification.

🐌

Slowloris Protection

Detect slow attacks (Slowloris/Slow POST/Slow Read) and auto-disconnect abnormal slow connections to prevent resource exhaustion.

📊

Behavior Analysis

AI-driven traffic behavior analysis engine using machine learning to detect abnormal traffic patterns and zero-day attack vectors.

DDoS Protection FAQ

Technical details about ZyCDN self-hosted CDN DDoS protection.

What technology is ZyCDN DDoS protection based on?

ZyCDN DDoS protection is built on eBPF kernel-level technology, enabling nanosecond-level traffic inspection and filtering at the OS kernel layer. Compared to user-space solutions, eBPF offers lower overhead and higher throughput. It supports L4 (TCP/UDP) and L7 (HTTP/HTTPS) DDoS protection covering SYN Flood, UDP Flood, TLS Flood, Slowloris, and other common attack types.

What scale of attacks can ZyCDN handle?

ZyCDN DDoS protection capacity depends on edge node bandwidth and hardware specs. A single node can handle several Gbps of L4 attack traffic. Multi-node deployment linearly scales protection capacity. Real-time attack monitoring auto-triggers blocking and scrubbing policies, with attack details and traffic trends displayed in the console.

How do I configure DDoS protection policies?

DDoS policies are configured centrally in the console. Settings include IP connection limits, empty connection thresholds, TTL validation rules, SYN Cookie parameters, UDP rate limits, TLS handshake limits, and slow attack detection. Protection templates provide quick-start presets. Custom rules support differentiated policies per domain and business scenario.