Prevent DDOS of my site

#1

My site has been getting a crazy amount of requests causing it to go down. What can I do to prevent this? I have a feeling someone is using a free web stresser to take it down. Can I use cloudflare?

#2

Hey @Carcraftz I imagine CloudFront would be a good solution for this situation. While I haven’t configured something like that, I know other members of the community have. Perhaps someone can offer a little guidance in that front.

#3

Hey @Carcraftz! We had a similar issue, and we resolved it with Cloudflare.

First, in Glitch, log the request headers and IPs. Then you can block those in Cloudflare settings. However, you will need to force people to go through your Cloudflare domain. This is how we did it:

(note: you will need a custom domain, and you will need to get Cloudflare workers, which is $5/month.

  1. add something random to the Glitch app name so people can’t guess it
  2. get a Glitch staff to remove all custom domains from that project
  3. create a fly.io app and add the Glitch app as a backend. Point the custom domain to the fly.io app.
  4. create a Cloudflare worker to add a http request header to all requests. The value should be something long and unguessable.
  5. In the fly.io backend settings, make it check for that header. That way, if the header is not present (the request is not from Cloudflare), they will not reach the Glitch app
  6. In Cloudflare, block the IPs and/or user agents (if the user agent is a non-browser agent, such as python-requests or curl)

This should force all requests to go through Cloudflare, and you can then block the spam.

Hopefully this helps :slight_smile: - Advaith

1 Like
#4

I would suggest using a custom domain linked to CloudFlare.

For extra security, log the IP addresses causing the DDoS then block the IP addresses.

#5

I’ll do this when I have time, thanks! I was buying a custom domain anyways so this is perfect.