Anti-DDoS protection services are designed to block Distributed Denial of Service attacks. They are based on detection technologies that can be used to automatically, or sometimes manually, block the IP addresses of attackers from the network so that they can't reach the site host.
They do not prevent very high volumes of traffic from passing through, at least for as long as it takes to implement countermeasures.
CDN operators have an extremely large bandwidth and load balancing systems in place; it is therefore rare that an attack leads to saturation of the network.
In front of the recrudescence of the attacks against the websites, the largest CDN operators have added two layers of security to their offers.
Firstly, a WAF (Web Application Firewall) filters the requests that are sent to web applications and is used to supplement traditional firewalls that block traffic according to the IP addresses, ports or protocols used.
WAFs provide security at the application level and protect against security holes in software used; they block SQL injections, for example. As the CDN receives all requests before the host, it is very well placed within the architecture to carry out this processing.
The quality of WAFs is very variable because determining that a query is malicious can be complex, particularly because attackers constantly change their methods.