Add automated kill switch or rate limiting to prevent excess billing from DDOS attacks

Hi, I’d like to avoid a $104,500 bill for my simple static sites on a Starter plan.

My sites don’t need to be so highly available that it makes them vulnerable to DDOS attacks and me vulnerable to bills I won’t be able to pay. I’m perfectly happy with my sites going down after 100 GB of bandwidth usage.

If Netlify won’t protect my sites, I’ll be forced to look at alternatives that will.

6 Likes

This thread was made referencing the same Reddit/HN thread (but then deleted):

Netlify CEO reply apparently here:

This thread was necro’d in relation to the same:

1 Like

I hadn’t spotted this thread, thanks. (Had to look up the meaning of necro’d!)
I’m keen to understand what is and what isn’t in place to protect sites on the plan we’re on, as well as any additional protections for different plans.

Great questions @ross.coundon!

I believe it to be around 3.30am at Netlify HQ, so I imagine they’ll respond once it’s their business hours.

1 Like

Referencing threads that are related to this feature request:

Just tying in the follow up questions from the user that encountered the originally linked billing issue:

Perhaps something pertinent will be revealed.

@knapsack8008 Thank you for your feedback!

My sites don’t need to be so highly available that it makes them vulnerable to DDOS attacks and me vulnerable to bills I won’t be able to pay. I’m perfectly happy with my sites going down after 100 GB of bandwidth usage.

To be clear, this case was not a malicious DDoS attack. Our founder Matt commented on this here: https://twitter.com/biilmann/status/1762924788350136475

The important part from our perspective in Support is this:

For free users, my philosophy has always been that we can never go back and fix it if we ruin your moment of glory, but we can always cancel an invoice or refund a charge. Our support team does their best to identify these situations in advance of a user ever being made aware.

Until more controls are placed in the hands of our customers, Support will be reviewing all large bills BEFORE they go out.

Finally, I’ll leave you with another quote from that same tweet from our founder:

While we do currently have notifications in place that make a user aware that extra bandwidth is being consumed, we do not currently have the ability for users to preset limits. We have assembled a team to immediately address this, and we will report back to the community ASAP when we have some more solid information to share around timing.

We’ll share more info here in our Forums as soon as we can. Thank you!

2 Likes

Another related thread:

Related features marketed by Vercel:

Spend management

DDoS protections

Vercel has a good marketing department.

1 Like

They’re certainly trying to make effective use of an opportunity that has presented itself.

It’s not fun that it happened overall, but people have requested related features for years and it’ll be great to see if any of them get traction.

I’d be in the extreme minority but I’d actually like it if Netlify ensured there was no “free plan”.

It’s obviously good for hobby sites, but I don’t see how outside of “marketing” that ensuring people utilizing resources “never pay anything” could possibly be good for the long term health of the platform.

2 Likes

Like the non-alcoholic beer brand that put a mobile billboard outside parliament house after the Barnaby incident! 🤣 👍

I do not disagree. Heroku got rid of their free tier a year or two back if I recall. Many platforms don’t offer free plans, or offer it for a limited time only (e.g. 7–14 days). Trial periods (7–30 days) are good. As long as they don’t ask for a credit card up-front I’m in. If it meets my needs, happy to cough up money.

They did.
We promptly abandoned them, but it wasn’t a loss for them, since we weren’t paying customers!

That’s definitely important, as you want to be reasonably certain something meets your requirements before handing over payment details.

Ultimately I just don’t think that “Spend Management” should allow you to max out usage of plan allowances without fear of any expenditure, otherwise all such sites are guaranteed burdens.

There’s probably a much better way, because I’m no expert, (and there are several metrics for resources on plans), but with the Pro Plan at $19 for 1TB, and the Starter Plan starting with 100GB, if you wanted to “lock your resources” at such a low level, you should be charged a fixed fee of $2 - $5 upfront or something.

That way you’re at least contributing, it would make it less appealing for abuse, and it’d put it in the same pricing bracket that cheaper LAMP stack hosting used to sit in.

1 Like

@nathanmartin Thanks for linking threads together on the forum. Nothing gets past you!

@laura Thanks for the update. Looking forward to hearing more.

Let’s keep the discussion focused on the original feature request if possible. There are plenty of places online to discuss consumer preferences, business models, etc.

It seems the Netlify staff and the community both agree that “preset limits” would be useful, and that’s good to hear.

There may well be, feel free to provide some specific examples, however there’s no place better to discuss Netlify’s than this forum (considering it’s one of the stated aims of it as per “questions about pricing & plans here!”), and no better place to discuss how this specific feature request impacts pricing, since it is in fact after all a request designed to limit charges.

If you disagree, feel free to explain, but I’m not going to accept just being told to “shut up”.
(Note: This is your only contribution to the Netlify forum so far, feel free to put your boots on the ground and help your fellow developers with their problems.)

If your ultimate issue is receiving notifications, you can use the ‘Tracking’ feature on the bottom of the thread and set it to Normal or Muted.

I do agree “preset limits” would be useful.

I do not agree that Netlify should need to go to extreme lengths to provide you a service entirely for free, which may be your ultimate request considering the statement:

I’m perfectly happy with my sites going down after 100 GB of bandwidth usage.

Perhaps that’s why you’re upset I expressed my opinion and want to stifle discussion?

There’s a very easy solution for this.

  • No billing method added: Site goes down after 100 GB bandwidth cap is reached. Users would get notified once this happens (apart from being notified before) and recommended to add a billing method.

  • Billing method added: Allow users to set a maximum spend limit. Site stays up after 100 GB free bandwidth cap is reached as long as the maximum spend limit is not exceeded. Users would get notified once the free cap is exceeded and asked to review their spend limit in case they need to increase/decrease it.

2 Likes

Easy for you to say that is.

@Nour So you’re likewise suggesting that Netlify implement a solution primarily geared towards ensuring people do not pay them, and there’s no risk to those people?

What do Netlify get out of it?

1 Like

Welcome to the Starter plan. It’s a free tier capped at 100 GB bandwidth for getting started. Suddenly waking up the next day to a $104,000 bill does not sound like getting started to me, but more like getting ended both personally and financially.

There are no (or there shouldn’t be) any risks associated with a Starter plan. This isn’t a game of surprise and there should be absolutely no risk elements (let alone as extreme as bankruptcy which is the main point here) associated with it. People choose the Starter plan because they are not in a position that is able to or ready to pay large bills, which includes hobby projects, people in countries with relatively high USD exchange rates (not everyone is privileged and there’s no regional pricing), those simply testing the platform and evaluating it among other competitors, and so on.

What do Netlify get out of it? I have good news for you. If you have a site that gets heavy traffic (especially for commercial sites rather than hobby/personal projects), you can upgrade to the Pro plan for 10x the bandwidth (1 TB) and a lot of other extra benefits and features at only $19/month, which is what every sane user would do and how freemium business models work. There are no sudden gotchas or ‘risks’ here, just transparent pricing depending on need and traffic. Want more? Luckily, you can upgrade more.

If you really believe there should be a ‘risk’ associated with a Starter plan, this is a point I’m not interested in debating because (and rightly so) even Netlify (including the CEO) believe there should be no such extreme risk associated with the Starter plan, which is why they have stated and confirmed that they have (in this case and previous cases) and will waive any sudden large bills incurred from heavy traffic spikes. This is something other sites also do, like Plausible Analytics for example, even for subscribers; if you have a sudden spike, they do not charge you extra for it, but if you have a consistent pattern of heavy traffic beyond your current plan, they will nudge you to upgrade your plan or otherwise stop providing the service.

If you’re really wondering what a business gains out of having a freemium business model and a free tier in general, I’m not here to explain it because I’m sure you can do your own research on it, especially when competing with competitors such as Cloudflare Pages (who offer unlimited bandwidth, among a host of other free services), GitHub Pages, Vercel (who have apparently now added spend limits) and so on. Cloudflare offer a lot for free because they gain a huge amount of traffic data, insights and analysis from so many users that helps improve their systems which they market and sell to enterprises. For starters, there would be far less reason for people to bother with trying out or getting into Netlify (and eventually do what a lot do and upgrade to subscribers, apart from just helping growth through spreading the word) which is bad for business and competition, and it doesn’t take a genius to figure this out when the comments, backlash and those who’ve now decided to avoid or stop using Netlify altogether and opted for the alternatives on both Reddit and HN are very telling.

The Starter plan is one of the main reasons Netlify is so popular and loved and recommended by many people and developers, and it seems Netlify are well aware of all of this, otherwise they would have a different stance and policy when it comes to billing Starter plan users. But as I mentioned, I’m not interested in going into any discussion on business models nor have the time or mental bandwidth for it, and just dropped by here to give my two cents on what an obvious solution would be for both Netlify (who don’t want people to face risks such as sudden huge bills) and its Starter plan users (who want more transparency, controls and flexibility when it comes to being billed) in light of the recent situation.

@Nour I agree the $104,000 bill is absurd, but luckily so does Netlify; there are a few things that went wrong there.

However the community response, and yours included, seems to be angling towards Netlify putting a solution in place which offers to market a FREE PLAN (something they don’t have currently).

My point is, would you be happy with actually paying something, or are you only interested in a completely free plan?

If you are interested in only a completely free plan, especially in regards to bandwidth, then it would seem that Cloudflare Pages would be your best bet. You can’t get bitten by expensive bandwidth overages on a plan that claims free unlimited bandwidth:

I’m also all for transparency, self-service controls and flexibility of options for developers.

I also entirely understand everyone trying to avoid discussion of “business/pricing models” by claiming it’s “off topic”, since it’s a nice play to try and shut me up and “get what you want” without dissent, but the existing Starter Plan and its inclusions do not exist in a vacuum. The overage charges have been prominently displayed for years and would likely be an aspect of the plan that makes offering it viable.

If this request was purely about features for paying customers, then pricing simply wouldn’t come into it at all.

But the expectation from the community is that they be able to partake of the lowest level plan inclusions without any risk of overage charges, and with that also having no flow-on impact to pricing, it seems quite entitled.

If Netlify want to offer it, that’s great, it’s theoretically a win for everyone!
It’s just a bit much for non-paying users to bully a company into offering something that by their own admission they don’t want to pay for, and that others (the paying customers) would ultimately foot the bill for.