How to protect Node.js from DDoS attacks?

I have a Node.js server with multiple API endpoints. It also provides the homepage for the client, which renders dynamic content. When rendering the homepage, the server also executes some actions included in multiple middlewares.

For now, I’m serving all static files like JavaScript files and images through Cloudflare CDN. However, I would also want to protect the server when non-static resources are requested, like the homepage with dynamic content and ideally access to API endpoints.

Wondering how I could protect my app from DDoS? Can I use Cloudflare WAF for that?


Our WAF can indeed protect your end points.Just depends on the rules you make to make sure malicious users do not abuse these URI’s.

You could set up rate limiting rules below for these assets.

You can also leverage all the other WAF components as well.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.