Preventing DDoS attacks
To prevent and mitigate DDoS attacks, PaaS grants all customers (using Fastly as their CDN):
-
Access to origin shielding
Origin shielding is designed to reduce the load on an origin server by centralizing cache fill operations to a limited set of CDN locations. For more details, see Shielding.
-
Automatic resistance to availability attacks
-
Access to Fastly cache IP space
-
Custom DDoS filter creation abilities
Learn more at Fastly’s Always-on DDos Mitigation page. |
Block IP address with ingress
-
If you are using Fastly as your CDN in your PaaS project, you can block IPs directly from the cockpit. Cool, huh?
Check out the instructions for doing that here. -
If you are not using Fastly as your CDN, you’ll need to manually block the dangerous IP in the
ingress
section of your values.yml file.
Instructions
-
Go to https://ipinfo.io/www.xxx.yyy.zzz (where
www.xxx.yyy.zzz
is the suspicious IP). -
Update your values.yml file with the following snippet:
kind: Ingress (1) metadata: annotations: nginx.ingress.kubernetes.io/server-snippet: deny www.xxx.yyy.zzz; (2)
1 Specifies the kind Ingress
.2 Denies the specific IP address. Only use the `server-snippet` exactly as instructed. Otherwise, you may cause issues with your PaaS deployment.