Ensuring the availability of online services is crucial for businesses that depend on them, as they are vulnerable to denial of service (DoS) and distributed denial of service (DDoS) attacks aimed at disrupting operations. These attacks can overwhelm services, whether from a single source in the case of DoS or multiple sources in a DDoS, making it difficult to distinguish between legitimate and malicious traffic. Effective defense strategies include a combination of techniques such as bot protection, caching, rate limiting based on IP addresses and fingerprints, and blocking known malicious IPs. Device fingerprinting, particularly JA3 and the more advanced JA4, plays a vital role in identifying and blocking attackers by analyzing connection metadata beyond just IP addresses. Rate limiting, while useful, must be carefully managed to avoid false positives, requiring thorough testing and monitoring. Integrating these methods offers a layered defense that enhances service availability and minimizes disruptions from malicious traffic.