Hetzner DDoS Basic Protection: What It Is and How It Safeguards Your Server

Running a website or an application on Hetzner’s cloud gives you powerful performance, but it also exposes you to the ever‑present threat of Distributed Denial of Service (DDoS) attacks. Hetzner offers a DDoS Basic Protection service that combines detection, traffic filtering, and rate limiting to keep your services online even when millions of requests hit your IP address. In this guide we’ll break down how it works, why you need it, and how to get it set up step‑by‑step.

Why DDoS Attacks Matter for Hetzner Users

• Server uptime directly impacts revenue and reputation.
• Even a short outage can lead to lost customers and SEO penalties.
• Shared infrastructures mean an attack on one host can ripple to neighboring servers.

What is Hetzner DDoS Basic Protection?

Hetzner’s DDoS Basic Protection is a hosted firewall and traffic‑scrubbing service that runs on external hardware before traffic reaches your server. It detects volumetric spikes (blitz mode) and application‑layer attacks (SQLi, HTTP floods) in real time. The service is bundled with all Hetzner Cloud plans and is free of charge.

Key Features

• Instant traffic filtering for up to 500 Gbps of incoming traffic.
• Automatic heuristics that adapt to your traffic patterns.
• Pre‑configured rules for HTTP/HTTPS, SSH, and FTP ports.
• Real‑time dashboard with attack statistics and logs.
• Fail‑over to Hetzner’s global CDN for high‑load scenarios.

Setting Up DDoS Basic Protection

Follow these steps to activate the protection for an existing Hetzner Cloud server.

1. Access the Hetzner Cloud Console

Log in to Hetzner Cloud Console and navigate to the server you want to protect.

2. Enable the DDoS Module

In the server menu, you’ll find DDoS Protection. Toggle the switch to ON. A dialog will confirm that your IP is now behind the scrubbing engine.

3. Verify IP Reassignment (Optional)

When protection activates, Hetzner assigns a new public IP that routes through the security layer. Update any DNS records or load balancers to point to this new address.

4. Configure Custom Rules (Advanced)

For strict compliance or specialized traffic patterns you can create custom firewall groups via the Firewall section. Link the firewall to your active DDoS protection configuration.

5. Monitor Your Dashboard

The DDoS dashboard displays live attack metrics: type, source distribution, and duration. Use the logs to fine‑tune your firewall or to code‑level mitigate repeated attackers.

How It Protects Your Business

• Prevents downtime during a 100 Gbps attack in under a second.
• Reduces bandwidth costs by scrubbing malicious traffic before it hits your instance.
• Maintains API reliability, keeping e‑commerce carts, payments, and data sync live.
• Improves SEO by avoiding black‑listing for sudden traffic spikes.

FAQs

1. Is additional cost required?

No. Hetzner DDoS Basic Protection is included at no extra charge for all Cloud servers.

2. Can I apply filters to specific ports?

Yes. Use the Firewall section to limit access to ports such as 22 (SSH) or 80/443 (HTTP/HTTPS).

3. What happens if the attack exceeds 500 Gbps?

The scrubbing engine will automatically report the event. For ultra‑high‑volume attacks you may contact Hetzner Support for a custom solution.

Conclusion

Hetzner’s DDoS Basic Protection is a silent guardian that keeps your services humming while malicious actors try to overload your network. By enabling it today, you safeguard uptime, reduce operational costs, and give your users a seamless experience. Don’t wait for an attack to strike—activate protection now and breathe easier.

Call to Action

Ready to lock down your Hetzner server? Follow the steps above and activate DDoS Basic Protection today. If you need help configuring custom firewall rules, contact Hetzner Support or dive into the official documentation.

Internal Linking Ideas

• Set Up a Hetzner Cloud Firewall – Link to a tutorial on creating firewall rules.
• Deploy a Hetzner Load Balancer – Link to guide on scaling horizontally.

External Authority Reference

Refer to Cloudflare’s research on modern DDoS trends for deeper insights.