Comment by Lammy

1 year ago

https://www.netlify.com/security/ sez “Active DDoS mitigation — Netlify monitors for traffic pattern anomalies and spikes, and effectively controls for them as needed” and now I'm curious about what that actually means.

It means they protect themselves from layer 3 and 4 DDoS. For layer 7 you're mostly on your own. That's what most companies mean when they talk about DDoS anyway.

  • Right and as a CDN they HAVE to handle layer 3 & 4 DDoS themselves so it's not like they're doing you any favours. The traffic is typically routed to the customer based on SNI.

  • I found https://www.netlify.com/blog/2017/03/28/why-you-dont-need-cl... and it sounds like you're right.

    “The cool thing is that we also provide a load balancer, and if our system has detected that our main load balancer is currently being hit by a large DDoS attack and is slow or unresponsive, we’ll simply route around that on the DNS level. Since we cache content at our edge nodes around the world, end users also experience extremely fast page load times because of this.”

It means that they will charge you 20k (a year's rent for me, no biggie) instead of 100k for your free website, or 5k if you got lucky.

  • If you value uptime, even through being massively attacked, they can offer you that.

    • Who on earth does this describe?

      1. Comfortable paying >$100,000 to prevent their site going down for a single day, and

      2. Doesn't pay a dime for their hosting service on a day-to-day basis

    • I had the intuition that Netlify are extremely incompetent compared to Cloudflare, and this thread adds another data point. So no, if you value uptime you are not going to rely on them.

    • That is not unique to this price point and most of their competitors do not charge for unusual traffic spikes.

They reroute the network traffic to ensure none of it gets dropped so they can accurately overcharge you for the correct amount.