DDoS Protection

ngrok automatically protects your applications with out-of-the-box protection from distributed denial of service (DDoS) attacks.

DDoS Firewall

The ngrok cloud service automatically protects all Endpoints from attacks with its proprietary DDoS Firewall. The DDoS Firewall scans traffic flows into your endpoints for malicious actors, patterns and threats in real-time. When an attack is detected, the firewall proactively blocks incoming connections from the attackers IPs.

Additional Measures

In addition to ngrok's out-of-the-box DDoS Firewall, we also recommend taking the following measures to help protect your endpoints from attacks:

1. Prevent attacks by enforcing authentication with Traffic Policy actions. Traffic Policy is enforced in the ngrok cloud service so that only legitimate traffic is sent to the upstream service in your network. ngrok's cloud service absorbs all of the unauthenticated traffic. You can use the following traffic policy actions to block unauthenticated traffic:

   • Basic Auth
   • OAuth
   • IP Restriction
   • Webhook Verification
   • JWT
   • Mutual TLS
   • OpenID Connect
   • SAML

2. Use the Traffic Policy Circuit Breaker action on your Agent Endpoints. This module protects your upstream applications when they become overloaded by blocking traffic to them in ngrok's cloud service until they can recover.