2 years ago
From Discord: https://discord.com/channels/713503345364697088/1212670816706236428/1212670816706236428
Background:
In a recent post on Reddit, a user of another cloud service provider had uploaded a file ~3mb.
A bot network or some other kind of organized attack downloaded that file millions of times. He was charged $50 000 for that, even after a discount on the bill. This got me thinking about what options we have on Railway to mitigate such incidents.
Current state:
Hard cost limits can be set globally for all services.
When the hard limit is reached, all services are shut down.
In the case of a hacker attack similar to the one described above, you would probably only like the affected service to be protected while keeping your other services running.
Desired State:
Hard cost limits can be set per project. If a service is attacked in a similar way as above, it would not bring down all your services, but keep the unaffected ones running.
Problem discussion:
While you can implement a WAF or reverse proxy from other providers (Cloudflare etc.), it would be great if Railway also had some first line of defence in place. Not only for costs but also for limiting or blocking malicious traffic. I think that became evident also in the recent attacks on Railway.app itself. I believe many users, like myself, use high-level services such as Railway because we find the setup and configuration for the most common cloud services (such as AWS, Azure, Google...) out there quite hard.
5 Replies
2 years ago
This would be quite valuable! Additionally, alerting as you approach that hard limit (e.g. every 10% or 25%) or alerting on spikes would be useful.
2 years ago
+1
2 years ago
+1
2 years ago
yep a really good idea love it!
2 years ago
must have