|
|
|
|
|
|
by william00179
640 days ago
|
|
|
Have you considered engaging the services of a CDN such as Cloudflare that specializes in such mitigations? Rolling anything on your own to mitigate this level of traffic is going to be a large undertaking and not something you're going to be able to do whilst under attack. Since from your post this looks to be a layer 7 attack your options would either be putting your service behind Cloudfront or Cloudflare and using their respective ddos mitigation tools. They also can provide support to get things configured and working effectively. There are other similar solutions out there that I've not had experience with so can't comment on, but utilizing one of the hyperscale services will be your best bet. |
|
|
Since you will likely not want to move your authoritative DNS zone to Cloudflare you can do a https://developers.cloudflare.com/dns/zone-setups/partial-se.... This will require the business plan $250 a month. If you can move your zone easily then you might be able to get away with the free account.
Once in place, spin up a new load balancer with new IPs for your service or update your current LB but don't publish the new IPs to your DNS zone. Configure Cloudflare to proxy to these. This will keep them hidden from whoever is attacking you.
Within the Cloudflare site config, under Security -> Settings -> Security Level set this to "I'm Under Attack" and this will start to present a challenge page to all users to confirm they're human before it forwards the traffic on to your origin servers.
That should take some pressure off and will allow your legit users to still gain access to the site.