Limits/Protection to avoid high billing caused by DDoS?

Hello,

I’m building a blogging platform with netlify. Customers can launch their own blog and connect a custom domain.

I have gone through the following resources already:
https://community.netlify.com/search?q=ddos
https://www.netlify.com/tos/ (hard limits)

Here are my questions:

  1. What happens if any of my clients’ blog is ddos’ed? How do you handle the billing in that scenario? What are the mitigation options? (In case of viral content, I will gladly pay for extra bandwidth consumed)
  2. I see that with Team Business plan ($99/month/user), it was mentioned unlimited netlify function invocations are available. Is there any hard limit? What happens in case of ddos?
  3. I got to know from netlify_support that we can connect unlimited domains (aliases) to a site. But I noticed that max_domain_aliases is 100 in an api response. Can you confirm the same?

Thanks in advance!

If there is an obvious attack that impacts our system for all users, we will notice & mitigate it. There is no simple way for you to do so yourself (you could write a function, pipe all your traffic into the function, and stop sending output if you detect an attack, is the “not-so-simple” way, which is pretty suboptimal).

We do not “judge” your traffic except in that way; our #1 priority is to keep your site up despite high traffic, whether that is intended or not.

Regardless of whether we mitigate an in-progress attack or not, you are liable for all bandwidth you consume, so you need to decide if that works for your business or not. If not, you’ll need a different hosting provider. As a data point, in practice, this happens very rarely.

Our sales team will be happy to talk with you about unlimited function invocations. We’ll definitely not shut your site down for overuse, so in essence, you already have unlimited invocations (at a price). No hard limit.

Yes, our system supports a maximum of 100 explicit names per site. You can deploy multiple copies of the site to apply more names.

I had implemented rate-limiting on my api-gateway which is hosted outside of netlify. Only the front-end is hosted on netlify. So, I guess I need to do more experiments.
Thanks for your time :slight_smile:

1 Like