Comment by lpcvoid

7 hours ago

I don't, since my stuff is reachable only within the company network/VPN. If I needed to though, I would consult the BSI list of official DDOS mitigation services [0] and evaluate each one before deciding. I would not auto-pick Cloudflare.

[0] (German) https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Cyber-Si...

When the solution you pick inevitably has downtime too, you’re in the same boat.

DDoS mitigation is one of those areas that an on-prem solution just isn’t well suited to solve.

  • Unless you are really big, on-prem stuff would be 90% internal anyway. For everything public you'd host your hardware in a datacenter with better high speed connectivity. And pretty much every single datacenter I interacted with in the last 5 years does have a DDOS protection solution that you can order for your network.

  • Yeah, but people aren't using Cloudflare just for DDOS Mitigation. Some are running pretty much everything over it, from DNS to edge caching to load balancing and even hosting. That's what I oppose mainly.