Recently, people always ask me: “How much is the minimum cost of a high defense CDN? I just started this small site, can I afford it?” To be honest, when I first started to do the site also think so, always think that the security protection is rich and big companies can afford to play the stuff, until my personal blog was a wave of DDoS paralyzed for three days.
At that time I used or a cheap web host, the traffic rushed in directly over the resources were blocked, customer service threw me a “recommended to buy high defense services. Angry I almost smashed the keyboard - these days, even the script boy have learned to use the toolkit random traffic, small stations should run naked?
Later I put on the market all the name of the high defense CDN service providers are measured once, from the international manufacturers to domestic niche brands, and even some “folk solutions” have not let go. Test found that some vendors of the entry package is simply conscientious to cry, monthly payment of a cup of milk tea money can carry 10G below the regular attacks, small stations can afford.
First of all, to dispel a fantasy: there is absolutely no such thing as “free high defense CDN”.The first time I saw this, it was a very good thing that I was able to get it. Last year, a manufacturer of activities to send 50G protection package, the results of blackmail gangs registered hundreds of accounts crazy brush coupons, the next day activities on the yellow. Now there are people in the forum touting “permanent free high defense nodes”, I take the test station to explore, good guy, the node IP is simply a home wide agent, was hit directly unplugged.
To really save money and be reliable, you have to look at the starter packages from the regular vendors. I've picked up three providers that are particularly friendly to small sites, focusing on three metrics:Whether the protection is real, whether the traffic is sufficient, and how much hidden costs are there。
CDN5“s ”Ant Shield" packageThe most straightforward I've ever seen - monthly payment of $59 gives 5Gbps protection + 200GB of traffic, billed at $1/GB after exceeding. The actual test carried 7.8G SYN Flood + CC mixed attack, customer service response speed as long as 3 minutes. The key isUnlimited number of domain names </strong, especially suitable for a bunch of small sites in the hands of the webmaster.
They did a pretty solid job with the technical details:
CDN07“s ”Moe Shield" ProgramCheaper, paying $39 per month but only gives 3Gbps protection + 100GB of traffic. Slightly weaker protection but smart scheduling shines, automatically switching Anycast nodes in case of an attack. There's a pitfall to be aware of:Their HTTPS requests are billed extra!The charge is $15 per million requests, which may be overpaid if the station has a lot of resources.
What surprised me the most was08Host's “Ironclad Station” Package. Annual payment of 299 yuan (equivalent to monthly payment of 25 dollars) to 2Gbps protection + 50GB traffic, but also send WAF basic rule base. Tested deliberately in the station plugged a SQL injection vulnerability, the attack request is directly intercepted and WeChat push alarm - this feature at least other sell 199 / month.
However, they have less node coverage, average access speeds overseas, and are purely geared towards domestic users. This is an example of their customized protection rules:
Don't believe the “unlimited protection” propaganda.. Once I measured a vendor's 99 yuan package, claiming 300G protection unlimited traffic. In fact, a 20G UDP Flood past, customer service immediately called to upgrade the enterprise version of ten thousand yuan - the original “unlimited” refers to “unlimited upward increase in money,” the set of The deep like the sea.
Small station choose high defense CDN remember three points:See real protection reports, calculate overages, and test customer service responsiveness.. There was a time when I was hit at 2:00 a.m., and a vendor's customer service waited for half an hour before replying, and the site collapsed early. Later I specifically pick weekday evenings to test customer service response, CDN5 and 08Host's performance is the best.
Now I have several small sites on different vendors for redundant backups, and the total monthly cost is kept within 200. In the last six months, I've had a Memcached reflection attack of up to 15G, and my business didn't jitter at all. Once the attack report shows that the source is a university server room, I also helped them find the server by the broiler - this wave belongs to the reverse security support.
To be honest, high-defense CDN now rolled a lot, thirty or fifty dollars can buy a reliable basic protection. But don't try to buy those cheap “shared protection pool” of the wild way service, last year there is a sell 19.9 / month vendors were pierced, along with the pool of hundreds of customers into the black hole.
Finally dump a hardcore suggestion:Be sure to ask for a test node before you buy. Legitimate vendors are allowed to test for free for 3-7 days, simulate a Syn Flood/CC attack with a stress test tool to see how accurate the reports are. I've written automated test scripts, thrown them on Github and had them used as stress test tools (cover your face).
In short, small station protection has long been no luxury, save a cup of milk tea money can let the site away from 99% script boy. But remember - there is no 100% safe program, high defense CDN is only the first line of defense, the key data also rely on off-site backup and multi-live architecture to support it.
