It kind of depends on the risk vector one tries to mitigate on how to tackle this:
To mitigate (D)DoS attacks we usually recommend implementing a rate limit at the "edge" (meaning CDN or proxy).
In your case you could either use CF's rate limit feature or use fail2ban coupled with nginx.
Reason being you want to offload that traffic before it hits ZITADEL.
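
The nginx and fail2ban coupling suggested above, as an added example that is not part of the original reply or of ZITADEL's documentation. The zone name, rates, hostname, certificate paths, upstream address and ban thresholds are assumptions to adjust for your deployment.

```nginx
# Added example; all names and numbers below are assumptions.
# Goes in the http {} context of nginx.conf.

# If nginx itself sits behind a CDN, restore the real client address first
# (set_real_ip_from / real_ip_header); otherwise every request is keyed
# on the CDN's address and the limit and the bans hit the CDN, not the client.

# Shared-memory zone keyed by client IP, allowing 10 requests/second each.
limit_req_zone $binary_remote_addr zone=zitadel_edge:10m rate=10r/s;

# Answer throttled requests with 429 instead of the default 503,
# so clients and dashboards can tell throttling from an outage.
limit_req_status 429;

server {
    listen 443 ssl;
    server_name auth.example.com;                   # placeholder hostname
    ssl_certificate     /etc/nginx/tls/fullchain.pem;  # placeholder path
    ssl_certificate_key /etc/nginx/tls/privkey.pem;    # placeholder path

    location / {
        # Absorb short bursts of up to 20 requests, reject the rest.
        # Each rejection is written to the error log as
        # "limiting requests, excess: ... by zone "zitadel_edge", client: <ip>".
        limit_req zone=zitadel_edge burst=20 nodelay;

        # Placeholder upstream; keep whatever proxy or grpc directive
        # you already use to reach ZITADEL.
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
    }
}

# fail2ban side, in /etc/fail2ban/jail.local. The nginx-limit-req filter
# ships with fail2ban and matches the error-log line shown above, so
# clients that keep tripping the limit get dropped at the firewall.
#
# [nginx-limit-req]
# enabled  = true
# port     = http,https
# logpath  = /var/log/nginx/error.log
# findtime = 600
# maxretry = 10
# bantime  = 3600
```

Validate with `nginx -t` before reloading, and check `fail2ban-client status nginx-limit-req` to confirm the jail is reading the error log.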