Preventing DDoS attacks
To prevent and mitigate DDoS attacks, DX Cloud PaaS grants all customers (using Fastly as their CDN):
-
Access to origin shielding
-
Automatic resistance to availability attacks
-
Access to Fastly cache IP space
-
Custom DDoS filter creation abilities
Learn more at Fastly’s Always-on DDos Mitigation page. |
Block IP address with ingress
-
If you are using Fastly as your CDN in your DX Cloud PaaS project, you can block IPs directly from the cockpit. Cool, huh?
Check out the instructions for doing that here. -
If you are not using Fastly as your CDN, you’ll need to manually block the dangerous IP in the
ingress
section of your values.yml file.
Instructions
-
Go to https://ipinfo.io/www.xxx.yyy.zzz (where
www.xxx.yyy.zzz
is the suspicious IP). -
Update your values.yml file with the following snippet:
kind: Ingress (1) metadata: annotations: nginx.ingress.kubernetes.io/server-snippet: deny www.xxx.yyy.zzz; (2)
1 Specifies the kind Ingress
.2 Denies the specific IP address. Only use the `server-snippet` exactly as instructed. Otherwise, you may cause issues with your PaaS deployment.