Next.js Discord

Discord Forum

Static Asset DDOS protection

Unanswered
Border Terrier posted this in #help-forum
Border TerrierOP
Hey. I’ve got a pretty standard Next, Vercel-hosted, Prisma DB-backed app. Just watched Theo’s app on rate limiting, and I’ve done API rate limiting with Upstash in the past, but I’m looking for suggestions on how to rate limit an individual’s IP from accessing my site altogether by setting a custom rate limit to protect from static DDOS asset attacks. Thanks!

5 Replies

Toyger
If you're hosted on Vercel, then they already have DDoS mitigation included on all plans. If you're self-hosting, then you need to look for any provider that includes DDoS protection.
Border TerrierOP
Yes, it’s hosted on Vercel. Just asking as a several hundred dollar bill would be a significant hurdle at the present moment… I have time rn, but not necessarily money. Thank you!
@Toyger Vercel states https://vercel.com/docs/security/ddos-mitigation#do-i-get-billed-for-ddos that they are not charging clients for DDoS attacks.
Border TerrierOP
Awesome! That makes me incredibly confident in the product. So I suppose Theo’s video was more catered to sites with actual users where the hobby plan is no longer suitable… In your opinion, is it just as easy to set DDOS limits for financial protection as an app scales, or are additional external strategies recommended/necessary?
Toyger
Depends on many things. Of course Vercel will do their part for mitigation, but if you have any other third-party solutions like Supabase/Clerk/etc., they have their own limits. That's why the best strategy is self-hosting, where you know what you are paying for, but it requires a lot of experience to configure everything correctly.