-
I have a nextjs serverless app with an api route, SSR pages, and static pages. I am curious about how to generally approach rate limiting, specifically around preventing DDoS attacks. I am not too worried about the static pages -- my sense is that those will be cached by the Edge CDN. The api also has an obvious solution to me -- use redis or something similar to limit routes individually as desired. But the SSR pages are more confusing to me. I can make use of server side caching to help reduce calls to the DB, but I feel like there should be some situation where I am returning a 429. Do I need to integrate redis on every page? I feel like there should be something at the Edge CDN level that should help with this, but I don't see anything obvious in the documentation. |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments
-
Similar answer here as vercel/next.js#12134 |
Beta Was this translation helpful? Give feedback.
-
Hey, wanted to follow up here. We just launched Attack Challenge Mode –an extra layer of defense for DDoS and malicious traffic, free for all plans. When enabled, the Vercel Firewall will serve a challenge page to help mitigate attacks. We also have this guide for rate limiting using Edge Middleware. Hope this helps! |
Beta Was this translation helpful? Give feedback.
Hey, wanted to follow up here.
We just launched Attack Challenge Mode –an extra layer of defense for DDoS and malicious traffic, free for all plans. When enabled, the Vercel Firewall will serve a challenge page to help mitigate attacks.
We also have this guide for rate limiting using Edge Middleware.
Hope this helps!