Hello,

It seems like our changelog announcing DDoS protection has provoked someone, and since we are still establishing a baseline with Fastly, full DDoS mitigations weren't applied.

https://status.railway.com/cmlvw0n6u00129w5qnapyib77

Now our services have fully recovered. However, the damage has already been done. our users experienced the disruption.

This product is built on trust, and incidents like this directly affect that trust. We are concerned about the impact this has had on our users and the confidence they place in our service.

Thank you.

could 429 too many requests errors also be a result of this?

I'm getting the same error; I'm assuming (and hoping) it's related as well

Is it possible to disable DDoS protection from Fastly per services?

It is not. Curious why you ask?

I already have it enabled through my clouflare proxy

It might seem unnecessary, and maybe it is, but in practice, it's really not going to hurt anything to have it twice.

I recall reading a thread suggesting that certain Cloudflare DDoS rules should be turned off. I'm seeking clarification because I am seeing excessive access attempts to .php files. Previously, Cloudflare was blocking this and traffic was lower, but now I see HTTP logs again. The source IPs appear to be from fastly.com. Should I disable Cloudflare, or how should I adjust it?

Fastly isn't going to block bot traffic, they are for DDoS so if this bot is not making excessive requests relative to an attack they will be let through.