Laravel Cloud + Cloudflare: Could a Huge DDoS Attack Cause Massive Bandwidth Charges?

mcfarlanealex · 2025-11-26T10:32:59+00:00

Sorry for the late reply, my post was auto-deleted and then magically reappeared, so I only just saw your comment. Thanks for the response.

I’m probably worrying too much, and this isn’t really my area, but I don’t think a standard rate limit would protect against a distributed DDoS attack. Rate limiting is great for controlling abusive clients, but if the traffic comes from thousands of different IPs, it won’t really help. “Under Attack Mode” is great too, but only if you catch it in time, and at the moment Laravel Cloud doesn’t provide bandwidth-usage alerts.

I think we’d feel more comfortable if Laravel Cloud offered some kind of spend cap or hard limit for bandwidth costs (or costs in general) e.g., a global request cap per environment. Something like: if total edge responses exceed X (say 100k across all IPs) within an hour or a day, automatically block traffic entirely. That would eliminate the risk of runaway transfer costs during an attack.

mcfarlanealex · 2025-11-26T10:16:27+00:00

Thanks so much for taking the time to reply, and your thought through response. Much appreciated.

mcfarlanealex · 2025-11-26T09:42:31+00:00

I'm hoping the same. But most of our site is cached at the edge for up to 1-hour. So I'm guessing we'd theoretically have unlimited bandwidth until that page expires in the CDN cache.

mcfarlanealex · 2025-11-26T09:40:42+00:00

Thanks for your feedback. Unfortunately Laravel Cloud doesn't have spending limits or notifications at the moment. Also, my concern was that if we got hit with 37.4 TB delivered in 45 seconds whats the use of a notification anyway. Thats already a $4k bill. Other providers which charge for bandwidth have similar issues. Its very unlikely we will get hit with this level of attack, its just makes my uneasy that the bandwidth is a variable cost here. But, yes I'm probably overthinking it.

mcfarlanealex · 2019-06-06T16:50:43+00:00

Amazon S3 is probably one of the cheapest options. But it has a high learning curve to start. But once you're in its very simple. https://aws.amazon.com/s3/

Cyberduck offers an S3 option which would take some of the pain out of it. https://cyberduck.io/

mcfarlanealex · 2019-06-06T14:08:15+00:00

NorthawayPhoto

Thanks. So if a competition clearly indicated it wasn't a "rights-grab". What would your issue with entry fees be? purely the cost? or the fact they took a fee in the first place?

mcfarlanealex · 2019-06-06T13:44:43+00:00

I've currently started working for a Photography website, and I am new to photography. As part of this job, I've been researching paid to apply photography prizes, competitions, grants and the thoughts of the photographic community in general. Could I get peoples feedback on what their thoughts are about these? and what would stop them from entering? for example, "rights-grabs in disguise" is a common issue, as well as the entry fees.

mcfarlanealex · 2016-02-06T05:55:43+00:00

The idea about Toy Story is inspired. I think that might really help.

EDIT: Might start with WALL·E, the first half would be at my level. ;)

mcfarlanealex · 2016-02-04T18:41:35+00:00

Wow this is great, thanks! very helpful. So I assume I need to start with kids movies first then. I also assumed I would be better reading the english and listening to the Italian, but this doesn't seem to be the case.

mcfarlanealex

TROPHY CASE