Every time I visit a website that is using Cloudflare's Under-Attack-Mode, it shows me the usual text telling me to wait a few seconds until Cloudflare verified I am not a bot. Every time I reload ...

I've recently faced with some redos attack issues. Explain in simple steps: Regex denial of services: it means the attacker can put some malicious/crafted inputs to bring your server down by making...

I am currently running two containers on Cloud Run for my web app (React and Nodejs). I have been looking into how to prevent my apps from DDOS. Any suggestion?

I have such situation. Imagine there is a public REST service. What we don't want, is for someone, to be able to access this service many times in short period of time, because they will be able to...

I have an app where users registers and enters their mobile phone and other data. In order to verify that the user is valid, before i save it to my database, I send a sms to the user with a code. A...

I was looking at https://material-ui-next.com who seem to be running on firebase hosting and use CloudFlare on top of it. This raised a question. Do firebase hosting websites need additional layer...

We have had issues where one IP makes hundreds of requests to our servers, resulting in an overloaded RDS database. Is there a way to set our AWS ELB to block in the case of this DOS-like behavior?...

Good day, I'm running an Apache2 server in front of a Tomcat and I need to implement a DDOS protection mechanism on the Apache2 layer. I have two candidates: mod_evasive and mod_security2 with the...

The problem: When my website is set to "I'm under attack" mode, once a user passes the CloudFlare screen they are redirected to my website with a large, and rather long query get parameter: ?__cf...

I am designing a RESTful API that is intended to be consumed by a single-page application and a native mobile app. Some calls of this API return public results that can be cached for a certain time...

Colleagues! Faced an unusual problem, I could not find a solution on my own. The bottom line is: there is a website on Nuxt.js in conjunction with Laravel as a backend. In server-side rendering, t...

I have rails3 + nginx stack. Several days ago it was ddos attack with lots of GET requests similar to: GET /?aaa2=bbbbbbb&ccc=1234212 GET /?aaa1=bbbbbbb&ccc=4324233 First of all I added...

I'm new in network and I want to protect the layer 7 of a Google cloud function. I've found cloud armour that allow to create an allow/deny ip list for an https load balancer. Also Cloudflare...

I am running an enterprise scale application in Microsoft Azure. I wanted to know what the recommendations are for DDOS projection in Microsoft Azure. The documentation clearly states that the plat...

What techniques and/or modules are available to implement robust rate limiting (requests|bytes/ip/unit time) in apache?

I implemented a simple chat for my website where users can talk to each other with ExpressJS and Socket.io. I added a simple protection from a ddos attack that can be caused by one person spamming ...

I am maintaining an embedded database for a web app on an EC2 instance. Since this central server is single-threaded, it's very susceptible to DDOS (even a non-distributed attack would cripple it)....

I have been learning node.js and socket.io lately. My question is how can I protect server against client side attacks? This is my server code io.sockets.on('connection', function (socket) { //...

My company runs a kubernetes setup with 6 nodes and traefik 1.6 deployed as a DaemonSet to each node in production. Each traefik instance takes incoming (ssl terminated) requests on port 80 from an...

So, I'd like to get more experience working with high-traffic websites, but unfortunately the Internet is not beating down the doors to my blog. How can I simulate tens/hundreds of hits per second...

Could you please list some strategies or even approaches you have already applied to prevent/protect/minimize DDOS attacks upon Restful Web Services? Thanks.

Update: It seems that different hm.js (Baidu TongJi JS library) are loaded. When no DDOS attack is observed, a standard hm.js is loaded; when there is a DDOS, a totally different hm.js is loaded. ...

DDoS (Distributed Denial of Service Attacks) are generally blocked on a server level right? Is there a way to block it on a PHP level, or at least reduce it? If not, what is the fastest and most ...

Does Amazon Beanstalk automatically prevent (distributed) denial of service attack? If not, whats the most convenient way to do so?

Heroku is, it seems, under a DDoS attack right now, which is causing intermittent availability issues across the site manifesting themselves on (of course!) my app. I have seen a number of these ki...