We recently had a users website come under a DDOS attack. The site itself was reasonably small (only a few HTML files and downloadable files), but because the requests were coming in continuously at several per-second from many different IP addresses, it was quickly eating into the users available bandwidth.

To help with this, we’ve added a new throttling feature to websites, that allows people to limit access rates to their websites from individual IPs. On the Files –> Websites screen when you setup or edit a website, you can change the IP Throttling to one of the following values:

  • 10000/200M
  • 2000/50M
  • 500/20M
  • 100/5M
  • 20/2M

The 2 values are “number of requests” and “bandwidth of requests” per-IP per-10 minutes respectively. So setting the 10000/200M value will limit each accessing IP to a website to no more than 10,000 requests and 200M of data per 10 minutes. If a particular IP goes over one of the limits, we’ll return an error page to requests from that IP for the given website for the next 10 minutes.

In general, people shouldn’t need to change this value from the default 10000/200M, but if their site does come under some form of attack, this will provide a way to help limit the damage.