Hey everyone! I'm currently building a MERN stack web application and I've hosted both the frontend and backend on Render. I'm excited to share my site with a small group of players (maybe around 100 to 1,000), but I could really use some advice on how to deal with potential DDoS attacks and avoid unexpected charges on my bills. I've seen bits and pieces on social media about rate limiting and how to implement it, but it's all kinda jumbled up in my head. I've heard good things about using reverse proxies like Cloudflare to fend off DDoS attacks, but I'm also confused about how to set up rate limiting on my Express server. Can anyone offer tips or resources to help me understand how to secure my site properly? Thanks a bunch!
3 Answers
The free tier of Cloudflare should cover most of your concerns regarding DDoS protection. Just add the `express-rate-limit` middleware to your Express app, and you should be set for about 1k users. Also, don’t worry—Render's free tier generally won’t hit you with surprise bills, so you should be okay there!
I would advise keeping an eye on compute costs, even on the free tier of Render. If you can, set a spending limit; you don’t want to end up with a shocking bill at the end of the month! Trust me, I've seen it happen, and it’s not fun explaining that to anyone.
Using Cloudflare is a solid choice for protecting against DDoS attacks, but it’s also essential to implement rate limiting on your server. This will help ensure that even if someone accesses your site normally, they won't be able to overwhelm your resources with high-volume requests. You mentioned wanting to set this up on your Express server—definitely check out the `express-rate-limit` package to get started on that! It allows you to set rules based on users and their API keys, which is pretty handy.

Exactly! So using Cloudflare keeps away the bad bots, while the rate limiter can flag legitimate users who might accidentally use too many resources. It's a great combo!
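
What the server-side rate-limiting layer discussed in this thread does, as an added example that is not from any of the posters and is not `express-rate-limit`'s own code: a dependency-free fixed-window limiter with the Express middleware signature. The option names, the `getApiKey` callback and the `trustCloudflareHeader` flag are assumptions made for illustration.

```javascript
// Added example: minimal fixed-window limiter, Express-style (req, res, next).
// A stand-in to show the mechanics; not the express-rate-limit package.
function createRateLimiter({
  windowMs = 60_000,             // window length in milliseconds
  max = 100,                     // requests allowed per key per window
  getApiKey = () => null,        // hypothetical: returns an already-validated key or null
  trustCloudflareHeader = false, // enable only if the origin accepts Cloudflare traffic only
  now = Date.now,                // injectable clock, used by tests
} = {}) {
  const hits = new Map();        // key -> { count, resetAt }

  function keyFor(req) {
    // Key on the API key only after it has been authenticated; a raw,
    // unvalidated header would let a client rotate values to dodge the limit.
    const apiKey = getApiKey(req);
    if (apiKey) return `key:${apiKey}`;
    // CF-Connecting-IP can be set by any client that reaches the origin
    // directly, so it is ignored unless explicitly trusted.
    const cfIp = trustCloudflareHeader ? req.headers['cf-connecting-ip'] : undefined;
    return `ip:${cfIp || req.ip || req.socket?.remoteAddress || 'unknown'}`;
  }

  function middleware(req, res, next) {
    const t = now();
    const key = keyFor(req);
    let entry = hits.get(key);
    if (!entry || t >= entry.resetAt) {
      entry = { count: 0, resetAt: t + windowMs }; // start a new window
      hits.set(key, entry);
    }
    entry.count += 1;
    if (entry.count > max) {
      res.setHeader('Retry-After', String(Math.ceil((entry.resetAt - t) / 1000)));
      res.statusCode = 429;
      return res.end('Too many requests');
    }
    next();
  }

  // Remove expired entries so the map cannot grow without bound.
  middleware.sweep = () => {
    const t = now();
    for (const [k, e] of hits) if (t >= e.resetAt) hits.delete(k);
    return hits.size;
  };
  return middleware;
}
```

In an Express app this would be mounted with `app.use(createRateLimiter({ max: 100 }))`, with `sweep()` called on a timer; state is per process, so multiple instances each count separately.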