I will be launching a SaaS soon. Customers will be able to sign up and get their own 'space'. Each customer will get a generated subdomain, plus they can add their own custom domain if they wish to.
My question is, how do SaaS companies that work with many domain names set up DDoS security yet provide cheap pricing? Is there a method of DDoS protection that I am unaware of?
The systems I have looked at, like Akamai, are expensive. Yet other SaaS providers are able to charge just a few dollars a month for their service. Are there cheaper ways of doing this? I know I can get the free or cheap versions of Cloudflare, but they only handle 1 domain at a time. My application will have many domains pointing to it.
DDoS mitigation is a set of techniques for resisting distributed denial-of-service (DDoS) attacks on networks attached to the Internet by protecting the target and relay networks. This is done by passing network traffic addressed to the attacked network through high-capacity networks with "traffic scrubbing" filters. DDoS mitigation requires correctly identifying incoming traffic to separate human traffic from human-like bots and hijacked web browsers. The process is done by comparing signatures and examining different attributes of the traffic, including IP addresses, cookie variations, HTTP headers, and JavaScript footprints.
Manual DDoS mitigation is no longer recommended due to DDoS attackers being able to circumvent DDoS mitigation software that is activated manually. Best practices for DDoS mitigation include having both anti-DDoS technology and anti-DDoS emergency response services. DDoS mitigation is also available through cloud-based providers.
Network-Layer Controls: by defining and enforcing IP whitelists and blacklists, you can allow or restrict requests from specific geographical regions and certain IP addresses.
Application-Layer Controls: pre-defined, configurable application-layer firewall rules let you address categories such as protocol violations, request limit violations, HTTP policy violations and more.
Adaptive Rate Controls: by monitoring and controlling the rate of requests against applications, you can automatically protect them against application-layer DDoS and other volumetric attacks.
You may refer to this Blog Post. The author has incorporated some simple but effective tips.
If you have your own cloud, there are many vendors who provide anti-DDoS services. To name a few: Cloudflare, Akamai, ... and so on.
My two cents: never stop reinventing the wheel.
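As an added example (not from the original posts), here is how the network-layer lists and adaptive rate controls described above could be combined for an application that serves many customer domains: the limit is tracked per tenant host and client IP, so one flooded domain does not use up the allowance of the others. The names `Gate` and `TokenBucket`, the sample networks and the rates are assumptions made for illustration, and `client_ip` is assumed to be the real peer address.

```python
import ipaddress
import time

# Constructed sample lists (assumptions, not taken from the posts above).
ALLOW = [ipaddress.ip_network("203.0.113.0/28")]   # always admitted
BLOCK = [ipaddress.ip_network("198.51.100.0/24")]  # always rejected


class TokenBucket:
    """Allows `rate` requests per second on average, with bursts up to `burst`."""

    def __init__(self, rate, burst, now):
        self.rate, self.burst = rate, burst
        self.tokens, self.stamp = float(burst), now

    def take(self, now):
        # Refill for the elapsed time, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.stamp) * self.rate)
        self.stamp = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class Gate:
    """IP list check first, then a rate limit per (tenant host, client IP)."""

    def __init__(self, rate=5.0, burst=10, clock=time.monotonic):
        self.rate, self.burst, self.clock = rate, burst, clock
        self.buckets = {}

    def decide(self, host, client_ip):
        ip = ipaddress.ip_address(client_ip)
        if any(ip in net for net in BLOCK):
            return "deny-blocklist"
        if any(ip in net for net in ALLOW):
            return "allow-allowlist"
        now = self.clock()
        key = (host.lower().rstrip("."), str(ip))  # normalise the Host value
        bucket = self.buckets.get(key)
        if bucket is None:
            bucket = self.buckets[key] = TokenBucket(self.rate, self.burst, now)
        return "allow" if bucket.take(now) else "deny-rate"

    def sweep(self, now):
        # A bucket idle for burst/rate seconds is full again, so dropping it
        # loses no state and keeps memory bounded while many sources connect.
        idle = self.burst / self.rate
        for key in [k for k, b in self.buckets.items() if now - b.stamp >= idle]:
            del self.buckets[key]
```

A limiter like this only covers request floods that reach the application; traffic that saturates the network link still has to be filtered upstream, as the scrubbing description above says.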