Answer the question
In order to leave comments, you need to log in
How can a small web project escape DDoS?
The client has a small site running nginx and Amazon Route 53 as DNS. He is often beaten up by sending a lot of requests that the server cannot handle. Previously, when he was on Cloudflare, he could press one button (under attack) and everything was solved instantly: a captcha page appeared before each request and everything was fine. He then switched to Route 53, which does not have this feature. How to defend yourself now? WAF on Amazon costs about $3,000 per month. Maybe there is something simple and inexpensive that will not protect against a real powerful DDoS, but will protect against small ones?
Answer the question
In order to leave comments, you need to log in
On aws, waf and shield are built into CloudFront. 3000 usd costs if you need a dedicated team from AWS for a better response. Also, CloudFront has its own geo policy and routes, which seems to be cheaper and better than route53 since it does not require changing dns records and avoids caching.
Well, yes, waf is not related to ddos, this is the responsibility of shield
The only budget option AFAIK is to go back to Cloudflare. Yes, on cheap tariffs, this requires keeping DNS with them. Why not?
With a business plan ($200), Cloudflare allows you to use third party DNS.
Through the signing of traffic (after validating the "purity" of the client) between different sites (at least 2), this is done.
Unsigned - the other one is immediately ignored before the connection is created.
All connections are checked for a valid signature.
The traffic you have nginx accepts - set up rate limiting . To do this, you still need to analyze - what are the limits for which urls for you ok.
In addition, you can set up rate limiting for one src ip. nginx is such a powerful thing in terms of features and protection settings.
If you don't want to deal with nginx - connect the site to cloudfront, the necessary protection services are built into it, as Ivan Shumov wrote . However, they also need to understand how to configure them correctly.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question