Questions about redirection

Example, I have website called https://api.example.com

I redirected example.netlify.com/api with status code 200 to https://api.example.com.

Now, my question is will visitors know source website address? And if someone sent ddos to address example.netlify.com/api, will my https://api.example.com affected? Or will Netlify protect it?

1 Like

Howdy @alirzadev and welcome to our community! Sorry we’ve been rather slow to get back to you!

Short answer is: Our proxying does not do anything to expose OR protect your remote site.

when you proxy, we:

  • send the browser request with all of its http headers, body, etc to the remote service as is. We do add a few headers, like X-BB-Ip to tell you things like the originating browser IP that get “hidden” since our system technically makes the request and thus the connection comes from our server, not the browser, but otherwise, it is sent as is
  • relay the response to the browser as-is, from your server. We again add an http header or two - e.g. an x-nf-request-id so that we can correspond a specific request to our internal logs, but we don’t materially change the response. This means we don’t do any of the following:
  1. say the request was proxied - the visitor will never know!
  2. say anything about where it was proxied to.

Re: protection, we intend to allow all traffic to reach your site. a DDoS looks a lot like a super bowl commercial or a shark tank launch. We will do our best to forward all traffic, unless we get tens of thousands of requests and it impacts the rest of our system. So no protection against floods is provided or intended - those could be legitimate traffic from our point of view.