Hey everyone! I'm currently working on a personal MERN web application that I've hosted on Render. I'm planning to release it to a small community of players, with an estimated size between 100 to 1,000 users. I'm looking for advice on how to handle possible DDoS attacks and how to prevent unexpected costs. I've got a basic understanding of rate limiting but I'm confused about proper implementation. I've heard that reverse proxies like Cloudflare can help manage DDoS attacks, but I also need to consider rate limiting on my Express server. Could anyone provide suggestions or resources on what I should learn or implement? Thanks a ton!
1 Answer
Using Cloudflare is a solid choice for DDoS protection, but you definitely need to implement rate limiting as well. Proper rate limiting helps manage traffic from legitimate users who may unintentionally overload your server. It’s about preventing a single user or a few users from driving up costs with heavy usage. The express-rate-limit package is great for this and can help you tie limits to user accounts or API keys to avoid abuse.

Got it, thanks! So Cloudflare handles the bot attacks while express-rate-limit protects from real users going overboard. That makes perfect sense!
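To make the answer's two points concrete, here is an added example (not code from the thread, and not express-rate-limit's own source): a dependency-free fixed-window limiter in the shape of Express middleware, keyed on the authenticated user id, then on an API key, then on the client IP that Cloudflare passes in `CF-Connecting-IP`. express-rate-limit does the same job with `rateLimit({ windowMs, limit, keyGenerator })`, where `keyGenerator` takes a function like `keyFor` below; `app.set('trust proxy', 1)` is also needed behind Cloudflare so `req.ip` is the client and not the edge. The names `keyFor`, `createLimiter`, `makeReq` and `send`, the sample user ids and IPs, and the assumption that the origin only accepts traffic from Cloudflare are mine.

```javascript
'use strict';
// Added example: per-account / per-API-key / per-IP rate limiting as Express
// middleware, with no npm dependencies so it can run stand-alone.

// Pick the bucket a request counts against. Assumption: Cloudflare is the
// only path to the origin, so CF-Connecting-IP cannot be forged by a client
// hitting the Render URL directly. If that is not guaranteed, fall back to
// req.ip (with 'trust proxy' configured) instead of trusting the header.
function keyFor(req) {
  if (req.user && req.user.id) return 'user:' + req.user.id;
  const apiKey = req.get('x-api-key');
  if (apiKey) return 'key:' + apiKey;
  const cfIp = req.get('cf-connecting-ip');
  return 'ip:' + (cfIp || req.ip);
}

// Fixed-window counter held in process memory. Adequate for a single
// instance; with several instances each one allows `limit` requests on its
// own unless the counts live in a shared store such as Redis.
function createLimiter({ windowMs, limit, keyGenerator = keyFor, now = Date.now }) {
  const buckets = new Map(); // key -> { count, resetAt }

  function hit(key) {
    const t = now();
    let b = buckets.get(key);
    if (!b || t >= b.resetAt) {
      b = { count: 0, resetAt: t + windowMs };
      buckets.set(key, b);
    }
    b.count += 1;
    return { allowed: b.count <= limit, remaining: Math.max(0, limit - b.count), resetAt: b.resetAt };
  }

  // Standard (req, res, next) signature: app.use(limiter.middleware)
  function middleware(req, res, next) {
    const r = hit(keyGenerator(req));
    res.set('RateLimit-Limit', String(limit));
    res.set('RateLimit-Remaining', String(r.remaining));
    if (!r.allowed) {
      res.set('Retry-After', String(Math.ceil((r.resetAt - now()) / 1000)));
      return res.status(429).json({ error: 'rate limit exceeded' });
    }
    return next();
  }

  return { middleware, hit };
}

// Minimal stand-ins for Express req/res so the limiter can be exercised
// offline (constructed test doubles, not Express objects).
function makeReq({ headers = {}, user, ip = '203.0.113.9' } = {}) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  return { headers: h, user, ip, get: (name) => h[name.toLowerCase()] };
}

// Runs one request through the middleware; returns 200 if next() was
// reached, otherwise the status the limiter set.
function send(limiter, req) {
  const res = {
    statusCode: 200, headers: {}, body: undefined,
    set(k, v) { this.headers[k] = v; return this; },
    status(c) { this.statusCode = c; return this; },
    json(b) { this.body = b; return this; },
  };
  let passed = false;
  limiter.middleware(req, res, () => { passed = true; });
  return passed ? 200 : res.statusCode;
}

// Scenario: 3 requests per minute; one noisy user, one unrelated API key,
// then the window rolls over. A fake clock makes the rollover deterministic.
function demo() {
  let clock = 0;
  const limiter = createLimiter({ windowMs: 60000, limit: 3, now: () => clock });
  const alice = () => makeReq({ user: { id: 'alice' } });
  const results = [send(limiter, alice()), send(limiter, alice()),
                   send(limiter, alice()), send(limiter, alice())];
  const bob = send(limiter, makeReq({ headers: { 'X-API-Key': 'bob-key' } }));
  clock = 60000; // first window has expired
  const afterReset = send(limiter, alice());
  return { results, bob, afterReset };
}

module.exports = { keyFor, createLimiter, makeReq, send, demo };
```

The limiter runs before any database work, so an over-quota caller costs one Map lookup rather than a Mongo query; keying on the account rather than the IP keeps a whole NAT'd school or office from being blocked by one player, and keeps one player from escaping the limit by rotating IPs.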