Support Forums

How to make Netlify Functions more secure


I am currently experimenting with Netlify Functions and have one question:
Is there any way to make those functions resistant to spam?
You have 125k serverless function executions per site per month using the free/pro plan without any add-ons. As far as I am concerned this is a weak spot for possible attacks, as someone could get the link of the function and start a flood attack on said link.

I am trying to find a way to disable the functions dynamically in case of an attack to protect me from unexpected costs due to an attack. Does Netlify offer something like this, can I work with some kind of API or is this a risk I have to take when working with serverless functions?

An alternative idea I had was using Cloudflare to detect attacks and stop them before they even reach the Netlify servers, but first I wanted to clarify if there is any other solution.

Thank you in advance!

Good questions!

The same principles would apply to any of our metered usages (bandwidth, forms, et cetera). Our goal is to keep your site up, always, as-is :tada: You will want to keep tabs on your usage, if this concerns you. We do send emails when you achieve certain usage levels.

What you may want to do is manually/automatically keep track of your Functions usage. Then, when this hits your threshold, trigger a deploy (either a branch or a version of the build without the function) so that you don’t continue to use your allowance.

We haven’t got any demos of this to hand; however, I’m sure that this is more than enough to get you started! You can consider something like Zapier to act upon receipt of an email or even our open-API for something a bit more self-built. :slight_smile:
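
A sketch of the "track usage, then trigger a deploy without the function" idea from the reply above, as an added example that is not part of the original posts and is not Netlify's own code. It assumes you collect cumulative invocation counts yourself and have a build hook for a branch whose build omits the function; `HOOK_ID`, the branch name, the 80% limit and the burst ceiling are all placeholders.

```javascript
// Added example. Counts are assumed to come from your own tracking
// (e.g. a counter your functions increment); thresholds are illustrative.
const MONTHLY_ALLOWANCE = 125000; // figure quoted in the question

// samples: [{ t: epochMs, count: cumulative invocations this month }]
function evaluateUsage(samples, opts = {}) {
  const { limitFraction = 0.8, windowMs = 3600000, maxPerWindow = 5000 } = opts;
  if (samples.length === 0) return { trip: false, reason: "no data" };
  const sorted = [...samples].sort((a, b) => a.t - b.t);
  const latest = sorted[sorted.length - 1];
  // Slow drain: most of the monthly allowance is already spent.
  if (latest.count >= MONTHLY_ALLOWANCE * limitFraction) {
    return { trip: true, reason: "threshold" };
  }
  // Flood: compare against the newest sample at or before the window start
  // (or the oldest sample when none is that old).
  const older = sorted.filter((s) => s.t <= latest.t - windowMs);
  const baseline = older.length ? older[older.length - 1] : sorted[0];
  if (latest.count - baseline.count > maxPerWindow) {
    return { trip: true, reason: "burst" };
  }
  return { trip: false, reason: "ok" };
}

// Build hook request for a branch whose build omits the function.
// Anyone holding the hook URL can trigger builds, so keep hookId in a secret
// store. Whether the build is published depends on the site's deploy settings.
function buildHookRequest(hookId, branch) {
  const url = new URL("https://api.netlify.com/build_hooks/" + encodeURIComponent(hookId));
  url.searchParams.set("trigger_branch", branch);
  return { url: url.toString(), method: "POST" };
}

// send is injectable so the decision path can be exercised without network.
async function runKillSwitch(samples, hookId, branch, send = fetch) {
  const verdict = evaluateUsage(samples);
  if (!verdict.trip) return verdict;
  const { url, method } = buildHookRequest(hookId, branch);
  const res = await send(url, { method });
  return { ...verdict, hookAccepted: res.ok };
}
```

Run the check on a schedule from somewhere other than the functions being protected, so a flood against them cannot also consume or delay the check.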