How to prevent DDoS Attack from HTTP server written in Go?

Question

I'm developing an HTTP server in Go, but it doesn't seem to be able to prevent DDoS attacks. Do I need to implement a firewall for my server?

There's also another solution: I could use Nginx as proxy server to prevent DDoS attacks, but it will complicate server deployment.

Answer 1

Do I need to implement a firewall for my server?

OMG YES!

But it won't help much for DDOS. You need to be able to profile the attack and patch responses quickly for this. Using something like fail2ban make this much easier, but that you weren't sure if you needed a fiewall / if it would help with DDOS suggests that you may easily do more harm than good by trying to build adaptive defences, hence in your case I'd recommend not worrying about a DDOS until you get one / get a good hosting company who can provide network level services if such an attack occurs.

Answer 2

I don't think Nginx would be better or worse than your Go server. You still need a real firewall as well.