Web Caching with Security as a Service
US-2015026757-A1 · Jan 22, 2015 · US
US9253206B1 · US · B1
| Field | Value |
|---|---|
| Publication number | US-9253206-B1 |
| Application number | US-201414575801-A |
| Country | US |
| Kind code | B1 |
| Filing date | Dec 18, 2014 |
| Priority date | Dec 18, 2014 |
| Publication date | Feb 2, 2016 |
| Grant date | Feb 2, 2016 |
Official abstract text for this publication.
Techniques for protecting an online service against network-based attacks are described. In some cases, protection is performed by way of a scalable protection service including a dynamically scalable set of virtual machines hosted by a cloud service that is distinct from a data center that hosts the online service. The protection service is coupled to the online service via a private link. When an attack is detected by the online service, network traffic bound for the online service is redirected from the public network to the protection service. The protection service then processes the network traffic, such as by dropping network traffic associated with the attack and forwarding legitimate network traffic to the online service via the private link.
Opening claim text (preview).
The embodiments of the invention in which an exclusive property or privilege is claimed are defined as follows:

1. A system for protecting an online service, the system comprising: a computing system hosted in a data center, wherein the computing system includes one or more processors coupled to a memory device and a network interface operating in conjunction to provide the online service to client devices via a public network; a first protection service comprising one or more virtual machines hosted by a first cloud service that is distinct from the data center, the first protection service communicatively coupled to the computing system via a first private link; and a traffic management infrastructure within the public network; wherein the system is configured to protect the online service by: detecting, within the computing system in the data center, an attack against the computing system received via the public network; in response to detecting the attack, automatically signaling the traffic management infrastructure from the computing system to redirect network traffic, being sent to the computing system over the public network, to the first protection service over the public network, the redirected network traffic including all post redirect network traffic associated with the attack and network traffic associated with legitimate requests to the computing system; and in response to receiving the redirected network traffic over the public network at the first protection service, processing the redirected network traffic within the first protection service to enable: dropping redirected network traffic associated with the attack resulting in legitimate redirected network traffic; rate limiting the legitimate redirected network traffic by inspecting source addresses of network packets in the redirected network traffic, and dropping at least some network packets associated with a specified source address resulting in rate limited legitimate redirected network traffic; and transmitting the rate limited legitimate redirected network traffic associated with the legitimate requests to the computing system via the first private link.

2. The system of claim 1, wherein the attack is a denial of service attack directed against the online service, and wherein the first cloud service is configured to process a volume of inbound network traffic that exceeds the volume of network traffic associated with the denial of service attack and that exceeds the bandwidth of a link between the computing system and the public network.

3. The system of claim 1, wherein the attack is a denial of service attack directed against the online service, and wherein the first cloud service includes network devices that are configured to automatically filter the network traffic associated with the denial of service attack before the network traffic associated with the denial of service attack is received by the first protection service.

4. The system of claim 1, wherein the first protection service is configured to: determine that the redirected network traffic is saturating computing resources allocated to the first protection service; and in response, automatically execute one or more additional virtual machines to process the redirected network traffic.

5. The system of claim 1, further comprising: a second protection service hosted by a second cloud service that is distinct from the data center and the first cloud service, the second protection service communicatively coupled to the computing system via a second private link; and wherein the system is configured to dynamically distribute requests to the online service by: when no attack is detected, receiving all of the requests to the online service at the computing system; and when an attack is detected, signaling the traffic management infrastructure from the computing system to redirect network traffic, being sent to the computing system over the public network, and distributing the redirected network traffic across the first protection service and the second protection service.

6. The system of claim 1, wherein the first protection service is configured to automatically filter the network traffic associated with the attack.

7. A method for protecting an online service, the method comprising: protecting the online service from an attack, the online service provided by a computing system hosted in a data center and a first protection service hosted by a first cloud service that is distinct from the data center, wherein the computing system is communicatively coupled to a public network, including a traffic management infrastructure, and communicatively coupled to the first protection service via a first private link, the protecting including: detecting, within the computing system, an attack directed against the computing system via the public network; in response to detecting the attack, automatically signaling the traffic management infrastructure from the computing system to redirect network traffic, being sent to the computing system over the public network, to the first protection service over the public network, the redirected network traffic including all post redirect network traffic associated with the attack and network traffic associated with legitimate requests to the computing system; and in response to receiving the redirected network traffic over the public network at the first protection service, processing the redirected network traffic within the first protection service to enable: dropping redirected network traffic associated with the attack resulting in legitimate redirected network traffic; rate limiting the legitimate redirected network traffic by inspecting source addresses of network packets in the redirected network traffic, and dropping at least some network packets associated with a specified source address resulting in rate limited legitimate redirected network traffic; and transmitting the rate limited legitimate redirected network traffic associated with the legitimate requests to the computing system via the first private link.

8. The method of claim 7, wherein the online service further includes a second protection service hosted by a second cloud service that is distinct from the data center and the first cloud service, the second protection service communicatively coupled to the computing system via a second private link, and further comprising: dynamically distributing requests to the online service by: when no attack is detected, receiving all of the requests to the online service at the computing system; when an attack is detected, signaling the traffic management infrastructure from the computing system to redirect network traffic, being sent to the computing system over the public network, and distributing the redirected network traffic across the first protection service and the second protection service; and in response to redirecting network traffic, receiving at the computing service via the first private link and the second private link only network traffic associated with the legitimate requests to the computing system forwarded by the first protection service and the second protection service after dropping network traffic associated with the attack.

9. The method of claim 7, further comprising: content filtering, on the first protection service, the redirected network traffic by inspecting content payloads of network packets in the redirected network traffic to detect malicious payloads; and dropping network packets that include the detected malicious payloads.

10. The method of claim 7, wherein the first protection service comprises one or more virtual machines executing on hardware hosted by th
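As an added illustration (not code from the patent or its assignee), the following Python toy models the pipeline of claims 1, 7 and 9: the data-center side detects an attack, inbound traffic is redirected to the protection service, attack packets are dropped, legitimate packets are rate limited per source address, and the remainder is forwarded over the private link. The `Packet` layout, the thresholds, the `FLOOD` payload marker and the sample addresses are constructed assumptions, and the traffic management infrastructure is reduced to a function call.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed thresholds and attack marker; the patent specifies none of these.
ATTACK_SIGNATURE = b"FLOOD"  # assumed payload marker identifying attack packets
PER_SOURCE_LIMIT = 3         # assumed packets allowed per source address per window
ATTACK_THRESHOLD = 10        # assumed packets per window above which an attack is declared

@dataclass(frozen=True)
class Packet:
    src: str        # source address (constructed sample values below)
    payload: bytes  # application payload

def attack_detected(inbound):
    """Data-center side: the computing system detects an attack on public inbound traffic."""
    return len(inbound) > ATTACK_THRESHOLD

def is_attack(pkt):
    """Payload inspection (cf. claim 9): classify a packet as attack traffic."""
    return ATTACK_SIGNATURE in pkt.payload

def protection_service(redirected):
    """Protection-service side: drop attack packets, rate limit by source, forward the rest."""
    per_source = Counter()
    forwarded, dropped = [], defaultdict(int)
    for pkt in redirected:
        if is_attack(pkt):
            dropped["attack"] += 1
            continue
        per_source[pkt.src] += 1
        if per_source[pkt.src] > PER_SOURCE_LIMIT:
            dropped["rate_limited"] += 1
            continue
        forwarded.append(pkt)
    return forwarded, dict(dropped)

def handle_window(inbound):
    """One traffic window: serve directly if no attack, else redirect via the protection service."""
    if not attack_detected(inbound):
        return {"path": "direct", "delivered": len(inbound), "dropped": {}}
    forwarded, dropped = protection_service(inbound)
    return {"path": "private_link", "delivered": len(forwarded), "dropped": dropped}

# Constructed sample window: two legitimate clients (one chatty) plus a flood.
SAMPLE_WINDOW = (
    [Packet("198.51.100.7", b"GET /index") for _ in range(2)]
    + [Packet("198.51.100.9", b"GET /api") for _ in range(5)]
    + [Packet(f"203.0.113.{i}", b"FLOOD") for i in range(12)]
)
```

Running `handle_window(SAMPLE_WINDOW)` shows the attack window taking the private-link path with the twelve flood packets dropped and the chatty client trimmed to the per-source limit, while a quiet window below the threshold is served directly.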
Denial of Service · CPC title
Filtering policies (mail message filtering H04L51/212) · CPC title
Event detection, e.g. attack signature detection · CPC title