freshness review

duongau · duongau · commit afd794f7d200 · 2024-11-13T09:30:56.000-08:00
diff --git a/articles/frontdoor/front-door-ddos.md b/articles/frontdoor/front-door-ddos.md
@@ -1,57 +1,57 @@
 ---
 title: DDoS protection on Azure Front Door
-description: This page provides information about how Azure Front Door helps to protect against DDoS attacks.
+description: Learn how Azure Front Door provides robust protection against DDoS attacks, ensuring the security and performance of your web applications.
 services: frontdoor
 author: duongau
 ms.service: azure-frontdoor
 ms.topic: conceptual
-ms.date: 10/23/2023
+ms.date: 11/13/2024
 ms.author: duau
 ---
 
-# DDoS protection on Front Door
+# DDoS Protection on Azure Front Door
 
-Azure Front Door is a Content Delivery Network (CDN) that can help you protect your origins from HTTP(S) DDoS attacks by distributing the traffic across its 192 edge POPs worldwide. These POPs uses our large private WAN to deliver your web applications and services faster and more securely to your end users. Azure Front Door also includes layer 3, 4, and 7 DDoS protection and a web application firewall (WAF) to help protect your applications from common exploits and vulnerabilities.
+Azure Front Door is a Content Delivery Network (CDN) that helps protect your origins from HTTP(S) DDoS attacks by distributing traffic across its 192 edge Points of Presence (POPs) worldwide. These POPs use Azure's large private WAN to deliver your web applications and services faster and more securely to your end users. Azure Front Door includes layer 3, 4, and 7 DDoS protection and a Web Application Firewall (WAF) to safeguard your applications from common exploits and vulnerabilities.
 
-## Infrastructure DDoS protection
+## Infrastructure DDoS Protection
 
-Azure Front Door benefits from the [default Azure infrastructure DDoS protection](../ddos-protection/ddos-protection-overview.md). This protection monitors and mitigates network layer attacks in real time by using the global scale and capacity of Front Door’s network. This protection has a proven track record in safeguarding Microsoft’s enterprise and consumer services from large-scale attacks.
+Azure Front Door benefits from the [default Azure infrastructure DDoS protection](../ddos-protection/ddos-protection-overview.md). This protection monitors and mitigates network layer attacks in real-time using the global scale and capacity of Azure Front Door’s network. It has a proven track record of safeguarding Microsoft’s enterprise and consumer services from large-scale attacks.
 
-## Protocol blocking
+## Protocol Blocking
 
-Azure Front Door supports only the HTTP and HTTPS protocols, and requires a valid `Host`` header for each request. This behavior helps to prevent some common DDoS attack types such as volumetric attacks that use various protocols and ports, DNS amplification attacks, and TCP poisoning attacks.
+Azure Front Door supports only HTTP and HTTPS protocols and requires a valid `Host` header for each request. This behavior helps prevent common DDoS attack types such as volumetric attacks using various protocols and ports, DNS amplification attacks, and TCP poisoning attacks.
 
-## Capacity absorption
+## Capacity Absorption
 
-Azure Front Door is a large-scale, globally distributed service. It serves many customers, including Microsoft’s own cloud products that handle hundreds of thousands of requests per second. Front Door is situated at the edge of Azure’s network, where it can intercept and geographically isolate large volume attacks. Therefore, Front Door can prevent malicious traffic from reaching beyond the edge of the Azure network.
+Azure Front Door is a large-scale, globally distributed service that serves many customers, including Microsoft’s own cloud products, which handle hundreds of thousands of requests per second. Positioned at the edge of Azure’s network, Azure Front Door can intercept and geographically isolate large volume attacks, preventing malicious traffic from reaching beyond the edge of the Azure network.
 
 ## Caching
 
-You can use [Front Door’s caching capabilities](./front-door-caching.md) to protect your backends from large traffic volumes generated by an attack. Front Door edge nodes return cached resources and avoid forwarding them to your backend. Even short cache expiry times (seconds or minutes) on dynamic responses can significantly reduce the load on your backend services. For more information about caching concepts and patterns, see [Caching considerations](/azure/architecture/best-practices/caching) and [Cache-aside pattern](/azure/architecture/patterns/cache-aside).
+You can use Azure Front Door [caching capabilities](./front-door-caching.md) to protect your backends from large traffic volumes generated by an attack. Azure Front Door edge nodes return cached resources, avoiding forwarding them to your backend. Even short cache expiry times (seconds or minutes) on dynamic responses can significantly reduce the load on your backend services. For more information about caching concepts and patterns, see [Caching considerations](/azure/architecture/best-practices/caching) and [Cache-aside pattern](/azure/architecture/patterns/cache-aside).
 
 ## Web Application Firewall (WAF)
 
-You can use [Front Door's Web Application Firewall (WAF)](../web-application-firewall/afds/afds-overview.md) to mitigate many different types of attacks:
+You can use [Azure Web Application Firewall (WAF)](../web-application-firewall/afds/afds-overview.md) to mitigate various types of attacks:
 
-* The managed rule set protects your application from many common attacks.  For more information, see [Managed rules](../web-application-firewall/afds/waf-front-door-drs.md).
-* You can block or redirect traffic from outside or inside a specific geographic region to a static webpage. For more information, see [Geo-filtering](../web-application-firewall/afds/waf-front-door-geo-filtering.md).
-* You can block IP addresses and ranges that you identify as malicious. For more information, see [IP restrictions](../web-application-firewall/afds/waf-front-door-configure-ip-restriction.md).
-* You can apply rate limiting to prevent IP addresses from calling your service too frequently. For more information, see [Rate limiting](../web-application-firewall/afds/waf-front-door-rate-limit.md).
-* You can create [custom WAF rules](../web-application-firewall/afds/waf-front-door-custom-rules.md)  to automatically block and rate limit HTTP or HTTPS attacks that have known signatures.
-* The bot protection managed rule set protects your application from known bad bots. For more information, see [Configuring bot protection](../web-application-firewall/afds/waf-front-door-policy-configure-bot-protection.md).
+- The managed rule set protects your application from many common attacks. For more information, see [Managed rules](../web-application-firewall/afds/waf-front-door-drs.md).
+- Block or redirect traffic from specific geographic regions to a static webpage. For more information, see [Geo-filtering](../web-application-firewall/afds/waf-front-door-geo-filtering.md).
+- Block IP addresses and ranges identified as malicious. For more information, see [IP restrictions](../web-application-firewall/afds/waf-front-door-configure-ip-restriction.md).
+- Apply rate limiting to prevent IP addresses from calling your service too frequently. For more information, see [Rate limiting](../web-application-firewall/afds/waf-front-door-rate-limit.md).
+- Create [custom WAF rules](../web-application-firewall/afds/waf-front-door-custom-rules.md) to automatically block and rate limit HTTP or HTTPS attacks with known signatures.
+- The bot protection managed rule set protects your application from known bad bots. For more information, see [Configuring bot protection](../web-application-firewall/afds/waf-front-door-policy-configure-bot-protection.md).
 
-Refer to [Application DDoS protection](../web-application-firewall/shared/application-ddos-protection.md) for guidance on how to use Azure WAF to protect against DDoS attacks.
+Refer to [Application DDoS protection](../web-application-firewall/shared/application-ddos-protection.md) for guidance on using Azure WAF to protect against DDoS attacks.
 
-## Protect virtual network origins
+## Protect Virtual Network Origins
 
-To protect your public IPs from DDoS attacks, enable [Azure DDoS Protection](../ddos-protection/ddos-protection-overview.md) on the origin virtual network. DDoS Protection customers receive extra benefits such as cost protection, SLA guarantee, and access to experts from the DDoS Rapid Response Team for immediate assistance during an attack.
+Enable [Azure DDoS Protection](../ddos-protection/ddos-protection-overview.md) on your origin virtual network to safeguard your public IPs from DDoS attacks. This service offers additional benefits such as cost protection, an SLA guarantee, and access to the DDoS Rapid Response Team for expert assistance during an attack.
 
 ## Private Link
 
-Enhance the security of your Azure-hosted origins by restricting their access to Azure Front Door through [Azure Private Link](private-link.md). This feature enables a private network connection between Azure Front Door and your application servers, eliminating the need to expose your origins to the public internet.
+Enhance the security of your Azure-hosted origins by using [Azure Private Link](private-link.md) to restrict access to Azure Front Door. This feature establishes a private network connection between Azure Front Door and your application servers, eliminating the need to expose your origins to the public internet.
 
 ## Next steps
 
-- Learn how to set up a [WAF policy for Azure Front Door](front-door-waf.md). 
-- Learn how to [create an Azure Front Door profile](quickstart-create-front-door.md).
-- Learn [how Azure Front Door works](front-door-routing-architecture.md).
+- Set up a [WAF policy for Azure Front Door](front-door-waf.md).
+- Create an [Azure Front Door profile](quickstart-create-front-door.md).
+- Understand [how Azure Front Door works](front-door-routing-architecture.md).
