Theo's Typesafe Cult (TTC), posted 16mo ago
5 replies
Xyliase

Vercel Usage, DDoS & Cloudflare (a fun topic i know)

So my co-dev and I just released our new project, which is a web app for listing your Discord server.

Now, we didn't naively think this was going to be the CHEAPEST operation; as with any serverless UGC app, we knew costs would scale.

What we didn't anticipate was (potential) DDoS attacks within the first week.

Now, we do have hard billing limits because we simply don't have the funds to support endless billing, but I was wondering about the extent of the protection I can put on the web app to prevent similar things.

Moreover, the steps I can take to minimise usage (especially function invocations).

While the requests in the screenshots provided don't detail a HUGE amount of traffic, the 33k requests to /:80 were all within around 1-5 minutes and all had a ?cacheBust param attached. Is this an attempt at DDoS or simply web scraping for SEO? Regardless of the intended purpose, it did somehow manage to limit usage of our app for around a minute or two for some users.

We currently have the high security level on Cloudflare, along with some additional rules. To the best of my knowledge Vercel mitigates DDoS on their end, but for some reason this pattern of requests wasn't deemed suspicious? We were wondering what rules would be optimal in this scenario.

We were also considering programmatically enabling Under Attack mode based on request patterns and frequency, but weren't sure if it was possible.

I'd like to reiterate that I know this isn't a MAJOR amount of requests or billing, but for our use case we are opting to minimise billing NOW rather than being susceptible to vulnerabilities as we scale.

Notable things to mention are that we are using NextJS@v14 and server actions.
[Attached screenshots: Screenshot_2024-09-22_at_07.56.39.png, Screenshot_2024-09-22_at_07.49.37.png]
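The "programmatically enable Under Attack mode based on request patterns" idea raised in the post, worked through as an added example in TypeScript. This is not code from the original post or the poster's project. It takes a request log, finds the densest time window, checks whether that window is dominated by cache-busting requests (the `?cacheBust` pattern the post describes, which bypasses the CDN cache and forces a function invocation per hit), and builds the Cloudflare API call that raises the zone's security level to `under_attack` (the API value behind the dashboard's "I'm Under Attack" mode). The log line format, the sample traffic, the thresholds, the extra cache-buster key names, and the zone ID and token placeholders are all constructed for illustration.

```typescript
// Added example, not code from the original post or its project. Sketch of
// "flip Cloudflare into Under Attack mode when a cache-busting burst is seen".
// Log format, thresholds, zone ID and token are assumptions for illustration.

interface RequestLogEntry {
  ts: number;    // epoch milliseconds
  ip: string;    // client IP as logged
  path: string;  // URL path without the query string
  query: string; // raw query string without the leading "?"
}

interface Thresholds {
  minTotal: number;            // requests in one window before escalation is considered
  minCacheBustedRatio: number; // share of those requests that defeat caching
}

interface BurstVerdict {
  total: number;
  cacheBusted: number;
  distinctIps: number;
  windowMs: number;
  escalate: boolean;
  reason: string;
}

// Query keys treated as cache busters. "cachebust" is what the post reports;
// the other variants are an assumption.
const CACHE_BUSTER_KEYS = ["cachebust", "cache_bust", "nocache", "_"];

// Parse one constructed log line: "<ISO timestamp> <ip> <method> <path?query>".
function parseLine(line: string): RequestLogEntry | null {
  const m = /^(\S+)\s+(\S+)\s+\S+\s+(\S+)$/.exec(line.trim());
  if (!m) return null;
  const ts = Date.parse(m[1]);
  if (isNaN(ts)) return null;
  const qIdx = m[3].indexOf("?");
  const path = qIdx === -1 ? m[3] : m[3].slice(0, qIdx);
  const query = qIdx === -1 ? "" : m[3].slice(qIdx + 1);
  return { ts, ip: m[2], path, query };
}

function parseLog(text: string): RequestLogEntry[] {
  return text.split("\n").map(parseLine).filter((e): e is RequestLogEntry => e !== null);
}

function hasCacheBuster(query: string): boolean {
  if (!query) return false;
  return query.split("&").some((pair) => {
    const key = decodeURIComponent(pair.split("=")[0]).toLowerCase();
    return CACHE_BUSTER_KEYS.indexOf(key) !== -1;
  });
}

// Slide a window of windowMs over the sorted timestamps and judge the densest one.
function assessWindow(entries: RequestLogEntry[], windowMs: number, th: Thresholds): BurstVerdict {
  const sorted = entries.slice().sort((a, b) => a.ts - b.ts);
  let bestStart = 0, bestEnd = 0, j = 0;
  for (let i = 0; i < sorted.length; i++) {
    if (j < i) j = i;
    while (j < sorted.length && sorted[j].ts - sorted[i].ts <= windowMs) j++;
    if (j - i > bestEnd - bestStart) { bestStart = i; bestEnd = j; }
  }
  const win = sorted.slice(bestStart, bestEnd);
  const total = win.length;
  const cacheBusted = win.filter((e) => hasCacheBuster(e.query)).length;
  const distinctIps = new Set(win.map((e) => e.ip)).size;
  const ratio = total === 0 ? 0 : cacheBusted / total;
  const escalate = total >= th.minTotal && ratio >= th.minCacheBustedRatio;
  const reason = escalate
    ? `${total} requests in ${windowMs / 1000}s, ${cacheBusted} (${Math.round(ratio * 100)}%) cache-busted, from ${distinctIps} IPs`
    : `below threshold: ${total} requests, ${cacheBusted} cache-busted`;
  return { total, cacheBusted, distinctIps, windowMs, escalate, reason };
}

// Cloudflare zone setting "security_level"; "under_attack" is the API value behind the
// dashboard's "I'm Under Attack" mode. Send it with fetch(req.url, req) or curl.
function underAttackRequest(zoneId: string, apiToken: string) {
  return {
    method: "PATCH",
    url: `https://api.cloudflare.com/client/v4/zones/${zoneId}/settings/security_level`,
    headers: { Authorization: `Bearer ${apiToken}`, "Content-Type": "application/json" },
    body: JSON.stringify({ value: "under_attack" }),
  };
}

// Constructed sample traffic (not real logs): two ordinary page views, then a
// one-request-per-second burst from three IPs where every hit carries a fresh ?cacheBust.
const sampleLines: string[] = [
  "2024-09-22T07:40:00Z 203.0.113.5 GET /",
  "2024-09-22T07:40:01Z 203.0.113.6 GET /servers?page=2",
];
for (let n = 0; n < 12; n++) {
  sampleLines.push(`2024-09-22T07:40:${10 + n}Z 198.51.100.${7 + (n % 3)} GET /?cacheBust=${1727000000 + n}`);
}
const SAMPLE_LOG = sampleLines.join("\n");

// Thresholds kept low so the 14-line sample trips them; the post's burst was ~33k
// requests in a few minutes, so production values would be far higher.
const DEMO_THRESHOLDS: Thresholds = { minTotal: 10, minCacheBustedRatio: 0.8 };

const verdict = assessWindow(parseLog(SAMPLE_LOG), 60000, DEMO_THRESHOLDS);
console.log(verdict.reason);
if (verdict.escalate) console.log(underAttackRequest("<zone-id>", "<api-token>").url);
```

Two caveats a practitioner would want. First, the burst in the post came from a single path with a changing query string, so a Cloudflare WAF custom rule or rate-limiting rule that matches on the query (for example a rule whose expression checks `http.request.uri.query` for `cacheBust`) stops those requests at the edge before Vercel ever counts an invocation, which is cheaper than any detection that runs inside the app; the script above is for the case where a new pattern slips past the static rules. Second, `under_attack` challenges every visitor, so whatever flips it on should also flip it back (the same endpoint with the previous value, e.g. `high`) once the burst subsides, and the API token used should be scoped to only the zone setting it needs.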