How to protect your Vercel site from attackers

Vercel's answer to $104, 000 Netlify bill on serveless horrors

-way

This is great to see, youre always listening to your costumers and iterating

utuberlol

As always amazing content! Thanks Lee!

DominikSipowicz

If the rate limiting is in the middleware, Vercel charges per-middleware invocation so you'd still incur a potential large bill if the rate limit is triggered a lot?

rhysyw

really great work guys, always believed you would find a way to help with these horror stories on twitter.

zhanezar

Would be nice to add a toggle so that you can either let it turn on automatically (and off when spike usage dies down) and notify admin OR notify admin on usage spike and ask if mode should be enabled.

philipaarseth

It would be very interesting to have an option to automatically turn on this mode when the number of requests are over a certain limit or sth like that, maybe when the number of requests is greater than 3 times the avg for example, you get the drill

yassine-sa

Is it still going to work on advanced ddos attacks

AjaySingh-jzqx

can vercel send notification when there's a vulnerability checked found?

cguser

Great to have this! Quick question: Is there any way to turn it on without breaking uptime monitoring? Somehow?

julienben

Does attack challenge mode also protect api routes?

freakinmonkey

It's taking longer to verification

kasper

Just add a button restric bill thats it, is it to much to ask

pranshubasak

What are the advantages of Attack Challenge Mode compared to Cloudflare "I'm under attack" mode?

JamesJGoodwin

Can we have proper CSP documentation? Nothing is working out of the box (fresh install + documentation followed)

koko