What to include in a DDoS attack ticket

Including this information will allow us to help diagnose and mitigate the effect of a DDoS on your service

0: Verify the Attack

As a customer support engineer, I’ve seen some cases where what appears to be an attack was actually bots the customer enabled. It is a good idea to determine if these bots are overwhelming your servers. If you know the IPs where the requests are coming from, you can use an IP Block List to quickly block them.

Unless you have Enterprise support, Fastly does not actively monitor the account to detect a possible DDoS. These tips will help you make a report and let us assist you as fast as possible. When reporting a DDoS attack, please include as much of the following information as possible. While not required, it will greatly assist us in helping you faster:


1: Service ID

You can find the service ID on the tip right corner on either stats or configuration page.

2: Severity

How much impact on your service? Is there a risk of service interruption?
Are there any latencies or unavailable to reach any or all of your web pages?

3: Size of attack

If you know the size of the attack, let us know such as " Currently 50Gbps while usually there was only 2Gps".

4: Any insight and additional information of the attack

Are there any patterns that distinguish attack traffic, such as an IP range or user agent?
Do you have any history of similar attacks, especially in the last 24 hours? Are there logs available for this and/or previous attacks?


Thank you for reading!