Vercel

Vercel Firewall Now Waives Costs for Blocked Malicious Traffic


Executive Summary

Vercel has updated its billing policy for the Vercel Firewall, eliminating charges for traffic that is blocked. Customers will no longer pay for CDN Requests or Fast Data Transfer for any requests that are denied, challenged, or rate-limited by its Web Application Firewall (WAF) rules. This change is applied automatically to all projects using the Vercel Firewall, aiming to protect users from surprise bills resulting from malicious bot activity.

Key Takeaways

* Cost Waiver: Charges for CDN Requests and Fast Data Transfer are now waived for any traffic blocked by the Vercel Firewall.

* Protection Scope: This covers traffic that is denied, challenged, or rate-limited due to WAF rules, protecting against attacks like scrapers, credential-stuffing botnets, and API abuse.

* Automatic & Immediate: The change is effective immediately for all projects using the Vercel Firewall and requires no user configuration.

* Complements DDoS Mitigation: This policy enhances Vercel's existing free, unlimited DDoS mitigation by also covering costs from non-DDoS malicious traffic.

Strategic Importance

This policy update makes Vercel's platform more financially predictable and secure for customers, reducing a significant financial risk and strengthening its competitive position as a secure hosting provider.

Original article