DDOs Attacks on CF Pages
Cloudflare Pages is likely the best alternative to Vercel as Vercel attempts to charge $40 per extra 100gb of bandwidth, however I am curious on how Bundled Requests work. If any DDos Attacks leak from my configuration, will it affect my daily bundled requests limit?
34 Replies
If they aren't blocked, you will be billed. Note though that you may be able to contact support and get a refund if an attack does occur.
I believe even you can see how much it devalues the service.
It's like how Cloudflare used to charge rate-limiting on requests.
Not really. With a well-tuned block rule, you should be well prepared to handle most attacks(which you won't be billed for).
And I think it is pretty generous that CF might refund you if you miss an attack
Just to be clear, if the WAF blocks the DDoS attack, you don't pay
If you used Functions and they got past ddos mitigation yes but we will help out with that.
No clue if I use functions, but theoritically can't someone just hit the Pages domain bypassing your domains WAF
You can lock down the Pages domains
But if you aren't using Functions, it isn't a worry anyway
Are you doing SSR?
nope
Alright you're good then
How lmao
Access Policy?
Yes
Any guide on how to
Well for some reason I am getting bundled requests despite not using functions bruh
But if you aren't using Functions then there isn't even a possibility of being charged for anything (we charge for Functions since they're server side compute)
You could get hit with 100 mil requests, it'd just be free
maybe it's bots visiting one of my old sites
Ok well you are using functions then haha
What consitutes as a function
Using Workers?
or having it poll my api
Functions are Workers
My backend isn't on workers
I'll look into it?
Hell, CF Pages won't even work rn
I put this flag and wouldn't work
My developer was meant to go to #pages-help but yk he's being stubborn
🤷♂️
It's not an env var
It's a compatibility flag
Oh
next-on-pages is for SSR'd Next.js so that would be using Functions
So yeah ok, I'd recommend Accessing the pages.dev (https://developers.cloudflare.com/pages/platform/preview-deployments/#customizing-preview-deployments-access)
So I have to use SSR on Next
No
You could static export
https://nextjs.org/docs/pages/building-your-application/deploying/static-exports
Deadass cannot find this
Click this, go through the flow and then just scroll down a little
thanks
Does CF Pages support next w/ client
Prefer not to use SSR
Assuming you mean client side? I can't see why not, it's just JS ran on a browser, nothing to do with the host
mhm ight
There is no limit to requests when it comes to static I know that
Client likely not either as it's client
💀
so good
Prefer not to pay for CF Workers 🤷♂️
Can you only lockdown preview deployments?
You can use access in front of any domain that you have