Preventing DDoS attacks
To prevent and mitigate DDoS attacks, Magnolia PaaS grants all customers (using Fastly as their CDN):
Access to origin shielding
Automatic resistance to availability attacks
Access to Fastly cache IP space
Custom DDoS filter creation abilities
|Learn more at Fastly’s Always-on DDos Mitigation page.|
Block IP address with ingress
If you are using Fastly as your CDN in your Magnolia PaaS project, you can block IPs directly from the cockpit. Cool, huh?
Check out the instructions for doing that here.
If you are not using Fastly as your CDN, you’ll need to manually block the dangerous IP in the
ingresssection of your values.yml file.
Go to https://ipinfo.io/www.xxx.yyy.zzz (where
www.xxx.yyy.zzzis the suspicious IP).
Update your values.yml file with the following snippet:
kind: Ingress (1) metadata: annotations: nginx.ingress.kubernetes.io/server-snippet: deny www.xxx.yyy.zzz; (2)
1 Specifies the kind
2 Denies the specific IP address. For more information on
server-snippet, see NGINX Ingress Controller reference.