<b>120,000 fake requests a second, absorbed at the edge</b>
An iGaming operator serving Jakarta woke up to a layer-7 flood: 120,000 requests per second hammering /api/balance with valid-looking sessions. Origin, sized for 3,000 RPS, was drowning, and real players couldn't log in.
We pushed the defense to the edge. Static endpoints were already cached, so the flood only mattered on the dynamic API. We added an edge rate-limit keyed on session plus a managed challenge for traffic with no prior cache footprint. Legitimate cached traffic, 91% of normal volume, never touched origin.
The attack peaked at 120k RPS at the edge; origin saw 2,800 RPS, below its normal load. No scaling event, no downtime. Jakarta players kept playing, blind to the war happening in front of them.
The number that mattered: 120,000 RPS at the edge, 2,800 reached origin.
Edge of Glory
@EdgeOfGloryCDN
<b>120,000 fake requests a second, absorbed at the edge</b>
Этот пост опубликован в Telegram-канале Edge of Glory. Подписаться можно по ссылке: @EdgeOfGloryCDN.