I'm relatively new to managing my website and just had a wake-up call regarding security. I've been running a small site for three years and usually pay around $1 a month, mostly for taxes and the domain. However, I recently received a shocking bill of $195.51 because my site was attacked. Last week, it got bombarded with nearly 130 million requests in just one hour, which drove up my CloudFront costs. This is my first serious issue, and after reaching out to customer support to dispute the charge, I'm eager to ensure this doesn't happen again. I've heard setting up a firewall could help, but the costs seem pretty steep—around $8 a month, which is a big jump from what I'm used to. Are there any effective ways to protect my site without incurring significant expenses?
1 Answer
A Web Application Firewall (WAF) would definitely help prevent these types of attacks on AWS. If you're looking to keep costs low, consider using the free tier of Cloudflare for protection. You can have your site hosted on AWS while Cloudflare keeps it secure without charging you anything extra.
Absolutely, that's the best approach! Plus, you can use a reverse tunnel to hide your origin server even if someone finds out it's hosted on AWS.