DDoS Mitigation

phxnkpxaya-8826 · January 4, 2026, 5:59pm

Hello everyone! Recently, my website was hit with a massive DDoS attack. Although it seems traffic was mitigated by Vercel, all of my Edge requests have been used. Is there any way I could get these back?, the website seems to still be working however.

All requests were cached and immediately filled up my free edge requests. I currently have attack mode enabled in case of another attack.

You can visit the site to take a look at https://unhittable-site.vercel.app/

system · January 4, 2026, 5:59pm

The domain troubleshooting guide can help with most custom domain configuration issues. You might be able to use that guide to solve it before a human is available to help you. Then you can come back here and share the answer for bonus points.

You can also use v0 to narrow down the possibilities.

pawlean · January 5, 2026, 3:33pm

You’ve already done the right thing by going on attack challenge mode. I recommend keeping that on. Vercel does have solid built-in DDoS protection, but unfortunately, because those Edge requests were technically “consumed” during the attack, they usually aren’t restored to your account automatically.

Here is what I’d recommend doing next:

Review your caching strategy: Take a look at your setup to ensure you’re maximizing cache efficiency. The more you can serve from the cache, the less strain there is on your resources.
Consider the Pro plan: If you find you need higher Edge request limits and more robust DDoS protection moving forward, upgrading to Pro might be a good move for the extra peace of mind.

Since billing and request limits are specific to your account, you’ll need to contact Vercel Support directly through your dashboard.

To prevent this in the future, I recommend:

Implement rate limiting: It’s worth looking into adding rate limiting directly within your application logic.
Leverage WAF: If you do move to a Pro plan, you can use Vercel’s Web Application Firewall (WAF) features for much tighter security.
Monitor spikes: Try to keep a closer eye on your usage metrics so you can spot and react to unusual traffic spikes as early as possible.

I hope this gets resolved quickly for you!

pawlean · January 23, 2026, 6:02pm

Hey there, @phxnkpxaya-8826! Just checking in to see if you still need help with the Edge requests after the DDoS attack or if you found a solution. Let me know!

phxnkpxaya-8826 · January 24, 2026, 4:20pm

Hey there, apologies I just saw your message. If I were to implement rate limiting, would legitimate traffic get rate limited as well, and also would requests still be cached even if they were rate-limited?, Thanks for your help!

Topic		Replies	Views
Site hit by attack / ddos Help firewall	4	133	February 6, 2025
Assalamualaikum selamat siang, aku ada keluh kesah, website saya yang saya deploy ke vercel ini mengalami serangan ddos, dan semua project di vercel ini ga bisa di akses Help	2	40	October 13, 2024
HELP -> Service Disruption Due to DDoS Attack -> IMPORTANT Help firewall	4	84	February 28, 2025
Follow-up: Second Bot Attack on Dec 8 - Both Limits Exceeded, Enhanced Protections Implemented Help firewall , queues	2	34	January 23, 2026
Bot Attack from Washington DC - Edge Requests Exceeded (1.7M/1M) - Request to Prevent Auto-Pause Help usage	4	54	January 24, 2026

DDoS Mitigation

Related topics