DDoS Mitigation

Vercel provides automatic DDoS mitigation for all deployments, regardless of the plan that you are on. We block incoming traffic if we identify abnormal or suspicious levels of incoming requests. It works by:

• Monitoring traffic: Vercel Firewall continuously analyzes incoming traffic to detect signs of DDoS attacks. This helps to identify and mitigate threats in real-time
• Blocking traffic: Vercel Firewall filters out malicious traffic while allowing legitimate requests to pass through
• Scaling resources: During a DDoS attack, Vercel Firewall dynamically scales resources to absorb the increased traffic, preventing your applications or websites from being overwhelmed

If you need further control over incoming traffic, you can temporarily enable Attack Challenge Mode to challenge all visitors to your site.

A Denial of Service (DoS) attack happens when one device attempts to exhaust the resources of a system by sending a large amount of data to a server or network. These attacks can often be mitigated by finding and closing off the connection to the source of the attack.

A Distributed Denial of Service (DDoS) attack happens when multiple connected devices are used to simultaneously overwhelm a website with targeted, fake traffic. The goal of DoS and DDoS attacks is to disrupt access to the servers hosting the website.

The OSI model is a concept that outlines the different communication steps of a networking system. Different attack types can target different layers of the OSI model.

DDoS attacks often target the network (layer 3), transport (layer 4), and application (layer 7) layers of the OSI model. Vercel mitigates against these attacks, and protects the entire platform and all customers from attacks that would otherwise affect reliability.

The goal of a layer 3 (L3) DDoS attack is to slow down and ultimately crash applications, servers, and entire networks. These attacks are often used to target specific IP addresses, but can also target entire networks.

The goal of a layer 4 (L4) DDoS attack is to crash and slow down applications. They target the 3-way-handshake performed on TCP connections. This is often called a SYN flood. Layer 4 DDoS attacks are used to target specific ports, but can also target entire protocols.

The goal of a Layer 7 (L7) DDoS attack is to crash and slow down software at the application layer by targeting protocols such as HTTP, GET, and POST requests. They are often silent and look to leverage vulnerabilities by sending many innocuous requests to a single page. Vercel provides sophisticated proprietary L7 mitigation and is constantly tuning and adjusting attack detection techniques.

Vercel mitigates against L3, L4, and L7 DDoS attacks regardless of the plan you are on. The Vercel Firewall uses hundreds of signals and detection factors to fingerprint request patterns, determining if they appear to be an attack, and challenging or blocking requests if they appear illegitimate.

However, there are other steps you can take to protect your site during DDoS attacks:

• Enable Attack Challenge Mode to challenge all visitors to your site. This is a temporary measure and provides another layer of security to ensure all traffic to your site is legitimate

• Pro teams can set up Spend Management to get notified or to automatically take action, such as using a webhook or pausing your projects when your usage hits a set spend amount.

• Enterprise teams can set up IP Blocking to block specific IP addresses from accessing their projects. Enterprise teams can also receive dedicated DDoS support
• You can also use Edge Middleware to block requests based on specific criteria or to implement rate limiting.

Vercel automatically mitigates against L3, L4, and L7 DDoS attacks at the platform level for all plans. Vercel does not charge customers for traffic that gets blocked by the Firewall.

Usage will be incurred for requests that are successfully served prior to us automatically mitigating the event. Usage will also be incurred for requests that are not recognized as a DDoS event, which may include bot and crawler traffic.

For an additional layer of security, we recommend that you enable Attack Challenge Mode when you are under attack, which is available for free on all plans. While some malicious traffic is automatically challenged, enabling Attack Challenge Mode will challenge all traffic, including legitimate traffic to ensure that only real users can access your site.

You can monitor usage in the Vercel Dashboard under the Usage tab, although you will receive notifications when nearing your usage limits.