惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

D
Docker
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
C
Cisco Blogs
Scott Helme
Scott Helme
Know Your Adversary
Know Your Adversary
NISL@THU
NISL@THU
C
Cyber Attacks, Cyber Crime and Cyber Security
D
Darknet – Hacking Tools, Hacker News & Cyber Security
C
CXSECURITY Database RSS Feed - CXSecurity.com
S
Schneier on Security
I
Intezer
Spread Privacy
Spread Privacy
AWS News Blog
AWS News Blog
V
Vulnerabilities – Threatpost
Cloudbric
Cloudbric
V2EX - 技术
V2EX - 技术
Google Online Security Blog
Google Online Security Blog
L
Lohrmann on Cybersecurity
Recent Commits to openclaw:main
Recent Commits to openclaw:main
L
LINUX DO - 热门话题
S
Secure Thoughts
T
The Exploit Database - CXSecurity.com
博客园 - 【当耐特】
Recent Announcements
Recent Announcements
Security Archives - TechRepublic
Security Archives - TechRepublic
Stack Overflow Blog
Stack Overflow Blog
罗磊的独立博客
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
K
Kaspersky official blog
阮一峰的网络日志
阮一峰的网络日志
博客园_首页
Latest news
Latest news
B
Blog
F
Full Disclosure
大猫的无限游戏
大猫的无限游戏
博客园 - 叶小钗
L
LangChain Blog
GbyAI
GbyAI
Last Week in AI
Last Week in AI
S
Security Affairs
Apple Machine Learning Research
Apple Machine Learning Research
N
Netflix TechBlog - Medium
Security Latest
Security Latest
Vercel News
Vercel News
Y
Y Combinator Blog
G
GRAHAM CLULEY
S
Securelist
T
Troy Hunt's Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
雷峰网
雷峰网

Vercel News

Vercel Open Source Program: Winter 2026 cohort How Notion Workers run untrusted code at scale with Vercel Sandbox How we run Vercel's CDN in front of Discourse From idea to secure checkout in minutes with Stripe Building Slack agents can be easy Scaling redirects to infinity on Vercel Advancing Python typing Gamma builds design-first agents with Vercel How Avalara turns pipe dreams into patent-pending with v0 Keeping community human while scaling with agents How OpenEvidence built a healthcare AI that physicians actually trust Security boundaries in agentic architectures Skills Night: 69,000+ ways agents are getting smarter Video Generation with AI Gateway We Ralph Wiggumed WebStreams to make them 10x faster How Stably ships AI testing agents in hours, not weeks How we built AEO tracking for coding agents Anyone can build agents, but it takes a platform to run them Introducing Geist Pixel The Vercel AI Accelerator is back with $6m in credits Making agent-friendly pages with content negotiation The Vercel OSS Bug Bounty program is now available Introducing the new v0 Run untrusted code with Vercel Sandbox, now generally available How Stripe built a game-changing app in a single flight with v0 How Sensay went from zero to product in six weeks AGENTS.md outperforms skills in our agent evals Agent skills explained: An FAQ Testing if "bash is all you need" AWS databases are now live on the Vercel Marketplace and v0 Use Perplexity Web Search with Vercel AI Gateway Introducing: React Best Practices Nick Bogaty joins Vercel as Chief Revenue Officer How Mux shipped durable video workflows with their @mux/ai SDK How to build agents with filesystems and bash How we made v0 an effective coding agent Stopping the slow death of internal tools Building AI-Generated Pixel Trading Cards with Vercel AI Gateway We removed 80% of our agent’s tools AI SDK 6 Our $1 million hacker challenge for React2Shell Cline now runs on Vercel AI Gateway How to prompt v0 Build smarter workflows with Notion and v0 Vercel launches partner certification Inside Workflow DevKit: How framework integrations work React2Shell Security Bulletin | Vercel Knowledge Base Billions of requests: Black Friday-Cyber Monday 2025 Investing in the Python ecosystem AWS Databases coming to the Vercel Marketplace How we built the v0 iOS app Workflow Builder: Build your own workflow automation platform Vercel Open Source Program: Fall 2025 cohort Self-driving infrastructure Vercel collaborates with Google for Gemini 3 Pro Preview launch Vercel: The anti-vendor-lock-in cloud How Nous Research used BotID to block automated abuse at scale How AI Gateway runs on Fluid compute What we learned building agents at Vercel Build and deploy data applications on Snowflake with v0 BotID Deep Analysis catches a sophisticated bot network in real-time Vercel achieves TISAX AL2 compliance to serve automotive partners Bun runtime on Vercel Functions David Totten Joins Vercel to Lead Global Field Engineering Vercel Ship AI 2025 recap You can just ship agents AI agents and services on the Vercel Marketplace Built-in durability: Introducing Workflow Development Kit Zero-config backends on Vercel AI Cloud Introducing Vercel Agent: Your new Vercel teammate Update regarding Vercel service disruption on October 20, 2025 Agents at work, a partnership with Salesforce and Slack Running Next.js in ChatGPT: How to Build ChatGPT Apps Talha Tariq joins Vercel as CTO of Security Just another (Black) Friday Server rendering benchmarks: Fluid Compute and Cloudflare Workers Towards the AI Cloud: Our Series F Collaborating with Anthropic on Claude Sonnet 4.5 to power intelligent coding agents Preventing the stampede: Request collapsing in the Vercel CDN BotID uncovers hidden SEO poisoning How we made global routing faster with Bloom filters What you need to know about vibe coding Scale to one: How Fluid solves cold starts Addressing security & quality issues with MCP tools - Vercel AI agents at scale: Rox’s Vercel-powered revenue operating system Agentic Infrastructure Zero Data Retention on AI Gateway Optimizing Vercel Sandbox snapshots How Waldium made a blog platform work for humans and AI alike How FLORA shipped a creative agent on Vercel's AI stack Agent responsibly Making Turborepo 96% faster with agents, sandboxes, and humans Unified reporting for all AI Gateway usage new.website joins forces with v0 SERHANT.'s playbook for rapid AI iteration Two startups at global scale without DevOps Chat SDK brings agents to your users 360 billion tokens, 3 million customers, 6 engineers Meet the 2026 Vercel AI Accelerator Cohort Build knowledge agents without embeddings
Life of a request: Securing your app's traffic with Vercel - Vercel – Vercel
Dan Fein · 2024-12-05 · via Vercel News

4 min read

In any given week, Vercel Firewall blocks over one billion malicious connections—proactively safeguarding your app before the first request arrives. Defining access rules ensures your infrastructure scales only for legitimate traffic, keeping resources secure and associated costs in check.

With Vercel, application protection is integrated into every step of the request lifecycle. It starts with the platform-wide Vercel Firewall—active by default for all users—and extends to Deployment Protection and the Web Application Firewall (WAF) which give you granular security control and defense-in-depth.

Catch up: Read Part I

Life of a Vercel request: What happens when a user presses enter

Read now

Link to headingThe first line of defense: Vercel's platform-wide firewall

When requests reach Vercel’s globally distributed Points of Presence (PoP), the Vercel Firewall immediately inspects those requests. This automated, system-wide protection is designed to block threats like Distributed Denial of Service (DDoS) attacks, malicious TCP connections, and other common infrastructure abuses before they escalate.

The Firewall employs a multi-layered approach to address different types of malicious activity:

  • Network-layer protection (Layer 3): Detects and blocks large-scale DDoS or SYN flood attacks targeting your app

  • Transport-layer protection (Layer 4): Prevents malicious traffic, such as UDP floods, from progressing into your infrastructure

  • Application-layer protection (Layer 7): Mitigates targeted attacks, including HTTP floods or Slowloris attempts

Link to headingScalable and reliable usage protections

The firewall integrates with Vercel’s globally distributed PoPs, ensuring that attacks are mitigated close to their source. This minimizes the impact on application resources and prevents unnecessary costs from malicious traffic.

The platform-wide firewall is fully managed by Vercel and requires no configuration, offering enterprise-grade security out of the box and allowing developers to focus on building their application rather than managing infrastructure.

This first layer of defense is free to all customers, on all plans, and helps block hundreds of millions of illegitimate requests daily, saving customers time and money. When threats are blocked at the platform level—like a recent DDoS attack that peaked at 1.37 Tbps and was mitigated without downtime or manual intervention—your app stays untouched, and no usage costs are incurred.

At this early stage in the request lifecycle, Vercel Firewall enforces blocks already activated by your WAF to stop repeat offenders (called persistent actions, more on this below). System defenses, IP Blocks, and WAF persistent actions all operate without incurring any usage costs.

Link to headingDeployment Protection: Evaluating requests before the WAF

After passing through the platform-wide Firewall, which blocks large-scale attacks and infrastructure-level threats, requests are evaluated by Deployment Protection. This project-level security layer determines whether a request is permitted to proceed based on deployment-specific access rules.

Part of what sets Vercel apart is its framework-defined infrastructure, which enables rapid deployment of web applications. Every commit automatically provisions its own infrastructure across environments like preview, staging, and production. While these environments can be publicly accessible, Deployment Protection lets you control access—by Vercel account, password protection, or a range of trusted IPs—ensuring only authorized users can interact with your deployments.

Link to headingThe next layer: Customizable Web Application Firewall

During this year's Black Friday–Cyber Monday weekend, Vercel’s platform processed over 86 billion requests, blocking over 6 billion threats, or ~8% of total inbound requests. Most were stopped by system defenses, with the rest managed by customer-defined web application firewall rules.

While the platform-wide firewall delivers global protections, web applications often require more tailored security measures. This is where the Vercel WAF comes in—providing developers with a flexible, defense-in-depth security strategy with the flexibility to implement their own business logic to determine which traffic to serve.

  • Attack Challenge Mode: Activates a "Security Checkpoint" page to verify a user’s browser before granting access, with subsequent requests bypassing the checkpoint

  • Custom rules engine: Enables granular traffic control by combining parameters and actions, letting developers define which traffic to allow or block

Link to headingCustomizing per-request rule logic

Every request that reaches your app tells a story: where it came from, what it wants, and whether it belongs. The Web Application Firewall (WAF) lets you take charge of this narrative, giving your team the tools to act decisively at every step.

The WAF supports over 15 customizable parameters—including IP addresses, geolocation, user agents, and headers—so you can fine-tune defenses for your app’s unique needs. Paired with actions like logging, issuing challenges, or outright blocking, these parameters let you enforce precise security measures at scale.

For example:

  • Block unwanted IP ranges targeting critical endpoints

  • Rate-limit high-frequency requests by region or device

  • Apply rules to specific paths with framework-aware targeting

  • Log rules to test logic and traffic behavior before applying actions

Each rule runs in the order you define, giving you control over priority and execution. Manage configurations programmatically via the Vercel Firewall API or Terraform Provider to stay in sync with your workflows.

Some threats should only be acted on a per-request basis while others require immediate and ongoing intervention. Persistent actions ensure malicious requests are blocked early and kept out for an extended period. These blocks stop repeat offenders at the edge, reducing resource usage by preventing further processing—and therefore not counting against edge requests, data transfer, or other usage metrics, ensuring efficient and consistent security enforcement without impacting performance.

Finally, once a request passes through custom WAF rules customers can activate rules that are managed by Vercel, like the OWASP Core Ruleset which helps protect against common vulnerabilities like SQL injection, cross-site scripting (XSS), and other OWASP Top 10 threats.

Link to headingBuilding a web that's secure by default

Altogether, there are many components within the early stages of a request's lifecycle that are automatically in place by Vercel and proactively set by customers to secure your app from serving undesired requests.

The Vercel Firewall, Deployment Protection, and the Web Application Firewall (WAF) are cornerstones of our vision for a secure by default web. We’re committed to continuous innovation, ensuring our defenses evolve to counter new threats while making security effortless for developers. This commitment extends to proactive investments in WAF technologies and edge infrastructure, helping developers stay ahead in a shifting threat landscape.