Purely hypothetical here, but I have been dealing with (accidental) DDoS attacks on one of our web servers in the recent past, and was always curious what would happen if you completely opened the flood gates.
Obviously, anything hosted on that particular web server instance would come to a grinding halt, and our best bet to (relatively) quickly mitigate the issue would be to completely kill the app service plan, and roll up a new one from scratch (making absolutely sure it didn't end up with the same IP address).
Aside from that, what would be a good way to mitigate an "attack" like this, particularly in an Azure App Service environment? Would you be able to inspect the appropriate headers and dump the traffic prior to the web server handling the request? Is this something that can be handled by Traffic Manager?
I know Azure has some built-in DDoS prevention, but I think something like this scenario would be nearly impossible to mitigate, as the traffic will be coming from everywhere.
Thanks in advance!