Preventing DDoS attacks

To prevent and mitigate DDoS attacks, Magnolia PaaS grants all customers (using Fastly as their CDN):

  • Access to origin shielding

  • Automatic resistance to availability attacks

  • Access to Fastly cache IP space

  • Custom DDoS filter creation abilities

Block IP address with ingress

block ip flow

  1. If you are using Fastly as your CDN in your Magnolia PaaS project, you can block IPs directly from the cockpit. Cool, huh?

    Check out the instructions for doing that here.
  2. If you are not using Fastly as your CDN, you’ll need to manually block the dangerous IP in the ingress section of your values.yml file.

Instructions

  1. Go to https://ipinfo.io/www.xxx.yyy.zzz (where www.xxx.yyy.zzz is the suspicious IP).

    ipinfo report abuse

  2. Update your values.yml file with the following snippet:

    kind: Ingress (1)
    metadata:
      annotations:
        nginx.ingress.kubernetes.io/server-snippet: deny www.xxx.yyy.zzz; (2)
    1 Specifies the kind Ingress.
    2 Denies the specific IP address.
    For more information on server-snippet, see NGINX Ingress Controller reference.
Feedback