Popular posts

Oh, and thank you for your excellent article! Hoping this can be used to protect my prod DB from abuse

Thanks Matt C. Supabase (hosted) uses DDoS protection from Cloudflare on the API Gateway, so you'll have some protection for it.

You can still do it, but the extra latency for read calls might be an overkill and hurt your performance more than an acceptable limit IMHO.

Rodrigo Mansueli thanks I appreciate your reply. I've instead set up insert/update rate limiting as above and an IP deny list which is checked during the pre-request. I've got some simple logs to monitor request methods per IP and might try and implement some kind of alerting so I can then add those IPs to the denylist if needed. Would be nice it was possible to trigger this via the logging mechanisms automatically