Preventing DDoS attacks

To prevent and mitigate DDoS attacks, PaaS grants all customers (using Fastly as their CDN):

  • Access to origin shielding

    Origin shielding is designed to reduce the load on an origin server by centralizing cache fill operations to a limited set of CDN locations. For more details, see Shielding.

  • Automatic resistance to availability attacks

  • Access to Fastly cache IP space

  • Custom DDoS filter creation abilities

Block IP address with ingress

block ip flow

  1. If you are using Fastly as your CDN in your PaaS project, you can block IPs directly from the cockpit. Cool, huh?

    Check out the instructions for doing that here.
  2. If you are not using Fastly as your CDN, you’ll need to manually block the dangerous IP in the ingress section of your values.yml file.

Instructions

  1. Go to https://ipinfo.io/www.xxx.yyy.zzz (where www.xxx.yyy.zzz is the suspicious IP).

    ipinfo report abuse

  2. Update your values.yml file with the following snippet:

    kind: Ingress (1)
    metadata:
      annotations:
        nginx.ingress.kubernetes.io/server-snippet: deny www.xxx.yyy.zzz; (2)
    1 Specifies the kind Ingress.
    2 Denies the specific IP address.
    Only use the `server-snippet` exactly as instructed. Otherwise, you may cause issues with your PaaS deployment.
Feedback

PaaS

×

Location

This widget lets you know where you are on the docs site.

You are currently perusing through the Magnolia PaaS docs.

Main doc sections

DX Core Headless PaaS Legacy Cloud Incubator modules