European Cloudflare alternative?

[CrazyFrog]

One of my customers (a school of course) gets a DDoS attack a few times a year. It is mostly a simple attack but it costs us (the customer) money. Our network provider does provide scrubbing of traffic and it works well, but they bill us for every incident.

I proposed the customer to simply use Cloudflare, but they rejected it because it is a US company and the data is unencrypted in their worldwide PoPs, so they think it is not compatible with the GDPR. (At this point; I've read that Cloudflare will offer a GDPR compatible solution later - only decrypt in the EU PoPs - but it will be an enterprise feature with enterprise prices).

So, I am looking for a European-based Cloudflare alternative that has a nice price...

Looked at Myra (a German provider) but they talk in the $xxxx ranges, that is not acceptable for the customer. I checked out Bunny.net which looked promising at first, but they will not proxy your traffic and hide your server's IP, they only serve content from their own domain.

Anyone in the EU had this problem and can give me a good suggestion?

Thanks!
CF

 

[johannes]

Hetzner.de (hosting) has DDOS protection included and pricely good offers.

 

[CrazyFrog]

Hetzner.de (hosting) has DDOS protection included and pricely good offers.

I use them and like them too. Do you have experience with a DDoS with them? Do they nullroute or do they apply intelligent scrubbing? I could put a proxy there, but I wonder with their pricing model they might not go the extra mile...

 

[johannes]

Do you have experience with a DDoS with them? Do they nullroute or do they apply intelligent scrubbing?

No i have not. I`d recommend to ask technical details in the hetzner forum.

 

[Zhenyapan]

I use them and like them too. Do you have experience with a DDoS with them? Do they nullroute or do they apply intelligent scrubbing? I could put a proxy there, but I wonder with their pricing model they might not go the extra mile...

we use few servers in both their location - they don't use null route, they filtering and just send us emails when they started filtration and when stopped, our clients didn't have any issues with/without filtration - all fine.

 

[asmatkhan420]

Have you tried Bunny CDN? If not then give them one try to CDN they are the best alternative. Some balloon delivery service-based websites are using their packages.

 

[burn]

Try wedos.com or wedos.cz, it's a large Czech hosting provider. They started as a classic hosting provider, but over the last few years they've been rolling out the newer cloud-like services, including DDoS protection.

The cheapest is just €1/mo., and the "recommended" (aka middle) plan is €7/mo.

Direct non-affiliate link: WEDOS Global Protection

(I used them a few years ago for traditional hosting and domain registration, but not this. I don't work for them. I am just researching EU alternatives to Cloudflare as well.)

 

[carttt88]

If you're looking for a Cloudflare alternative in Europe, BunnyCDN is a great option. They've got a global network that's super strong in Europe, making websites load fast and reliably. Their prices are competitive, and they've set up data centers all across Europe to keep things moving quickly with minimal delays.

 

[jeroenlaylo]

One of my customers (a school of course) gets a DDoS attack a few times a year. It is mostly a simple attack but it costs us (the customer) money. Our network provider does provide scrubbing of traffic and it works well, but they bill us for every incident.

I proposed the customer to simply use Cloudflare, but they rejected it because it is a US company and the data is unencrypted in their worldwide PoPs, so they think it is not compatible with the GDPR. (At this point; I've read that Cloudflare will offer a GDPR compatible solution later - only decrypt in the EU PoPs - but it will be an enterprise feature with enterprise prices).

I do miss some relevant details, so I am answering in a more general sense:

• You could setup a simple reverse proxy with a party that is able to handle the DDoS attack. You might want to talk with that provider before implementing this, to be sure that they still have your back whenever a DDoS needs to be mitigated.
• You could move the entire website to an IaaS provider that can mitigate the attack.
• Depending on the type of the attack, the amount of traffic and the longevity, you could consider nullrouting it. It might be a simple booter, from a disgruntled student which only lasts a few minutes.

And last but not least: you can consider switching upstream network providers. Might happen more in the future as your hosting business grows. We regularly see DDoS attacks - most of them not exceeding a couple of gbit per second.