Limit bandwidth to avoid high billing caused by DDoS?

Hello, I’m always afraid on “pay for usage” services that it has no limits. In case of DDoS or some popularity peak bill can go into thousands which I’m not able to cover. We had this once in my previous company with one of popular cloud providers - not a cool experience.

Is there any limit or setting to put into my account not to cross? I was searching for it but did not found anything.

hi koprowski,

this post should answer your questions, i think! it’s specific to API requests/redirects, but, i think the answer still applies.

this might also be relevant:

Okay so I read it and my conclusion is - there is no safety net.

You can be charged with thousands of dollars if your site suddenly goes viral. Or attacked with DDoS.

That is quite worrying :confused:

Do I even get some automatic warning that my bandwidth (and costs) is growing rapidly?

Thanks for answering.

hi there,

those are good questions - as mentioned above, our services are designed to mitigate DDoS attacks - and while DDoS attacks to happen, they are generally not geared towards users on our starter tiers. (It’s probably obvious that for our Business customers with contracts, different kinds of rules apply) If you are concerned that you will be targeted by a massive, wide scale DDoS attack that bring down our servers or cause an undue amount of traffic, we would probably benefit from chatting with you about what kind of a site you are asking us to host for free if it is likely to attract that kind of attention. We have only had a very limited number of DDoS attacks on Netlify despite many hundreds of thousands of sites.

If a DDoS is not focusing on your site specifically, but Netlify in general but ends up affecting your site (attacking a wide range of IP addresses/domains we point towards) then we won’t assume you carry responsibility for that.

Now, if something you host goes viral - congrats! We’re assuming that is not necessarily a bad thing - right? Again, its worth asking whether or not you intend to host content that would draw so many visitors for legitimate reasons that it would affect our services of rack up bandwidth.

That can happen, of course, and below is a thread of an example:

So, in short, I want to answer by asking a.) is this a realistic thing that could happen to you? b.) you are super welcome to investigate options to mitigate the fallout from a DDoS attack or viral content on your own!

Our priority is to keep your site up - that’s what our business is about. If that isn’t an approach that works for you and changes your decision to host with us, I understand. I definitely can make note of your concerns,and follow up here if things should change - as in, and we opt to add hard limits that take your site offline after a traffic spike.

You do get emailed notifications about bandwidth use at different times as you go over usage levels, yes. I believe there are 4+ different points in time when we email you as you approach the limit.

Let me know if you have any other questions!