Hello there, my site just faced 32 million requests which lasted for 2 hours.
It was pretty intense (to me, at least) and my server provider sent emails to me complaining about my inbound and outbound usage.
Now, as I am no longer under attack, what should I do to learn and prevent this from happening again. I’ve currently added a firewall rule to give a JS challenge to the countries that “participated” the most in the attack. Is there something else I should do?