Hello everyone,
I’m new to Supabase and have been going through the Supabase Storage guides. I had a question regarding best practices for handling file uploads in a production environment. From the documentation, it seems common to upload files directly from the browser to Supabase Storage using RLS policies for security. However, I’m wondering about abuse prevention and rate limiting.
For a production-ready system, would it be better to:
My main concern is preventing abuse (upload spam / excessive requests) while keeping the architecture scalable and secure.
I’d appreciate any insights or recommended patterns that people use in production.
Thanks!
The user is seeking advice on best practices for handling file uploads to Supabase Storage in a production environment, with a focus on preventing abuse such as upload spam. They are considering whether to allow direct uploads with RLS policies or to route uploads through an Edge Function with rate limiting. Another user suggests using Edge Functions for rate limiting and references a relevant guide.
So I believe that Supabase projects sit behind Cloudflare, so that any issues that come from, say, a DDoS attack would be mitigated by them. You can also enable spending caps to avoid going over the limits, and if there is a clear issue you might be able to reach out to Supabase support. With that said, if you really want to protect the storage route then you can use Edge Functions to apply rate limiting, and this video here https://supabase.com/docs/guides/functions/examples/rate-limiting may be the most relevant.
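As an added illustration of the Edge Function approach suggested in the reply above (example code, not Supabase's own and not from the linked guide): a per-user sliding-window limiter plus the decision logic an upload Edge Function would run after authenticating the caller. The limits, the `handleUpload` name and the in-memory store are assumptions; deployed Edge Function instances do not share memory, so a real limiter would keep its counters in a shared store such as a Postgres table or Redis.

```typescript
// Added example: per-user upload rate limiting of the kind an Edge Function
// could apply before performing an upload or issuing a signed upload URL.
// In-memory sliding window (assumption for illustration; use a shared store
// in production). Limits and names below are assumed, not Supabase defaults.

type Decision = { allowed: boolean; remaining: number; retryAfterSec: number };

export class UploadRateLimiter {
  private readonly hits = new Map<string, number[]>(); // userId -> attempt timestamps (ms)

  constructor(
    private readonly maxUploads: number,
    private readonly windowMs: number,
  ) {}

  // Record an attempt for `userId` at `nowMs` and decide whether it is allowed.
  check(userId: string, nowMs: number): Decision {
    const windowStart = nowMs - this.windowMs;
    // Drop timestamps that have aged out of the window (order is preserved, oldest first).
    const recent = (this.hits.get(userId) ?? []).filter((t) => t > windowStart);
    if (recent.length >= this.maxUploads) {
      this.hits.set(userId, recent);
      const oldest = recent[0];
      const retryAfterSec = Math.ceil((oldest + this.windowMs - nowMs) / 1000);
      return { allowed: false, remaining: 0, retryAfterSec };
    }
    recent.push(nowMs);
    this.hits.set(userId, recent);
    return { allowed: true, remaining: this.maxUploads - recent.length, retryAfterSec: 0 };
  }
}

export type UploadResponse = { status: number; headers: Record<string, string> };

const limiter = new UploadRateLimiter(5, 60_000); // assumed: 5 uploads per minute per user

// Decide the HTTP response for an upload request whose caller is already
// authenticated as `userId` (the Edge Function would verify the JWT first).
// `sizeBytes` is the declared size; refusing oversized bodies early stops
// a single request from consuming storage quota.
export function handleUpload(userId: string, sizeBytes: number, nowMs: number, maxBytes = 5 * 1024 * 1024): UploadResponse {
  if (sizeBytes > maxBytes) return { status: 413, headers: {} };
  const d = limiter.check(userId, nowMs);
  if (!d.allowed) {
    return { status: 429, headers: { "Retry-After": String(d.retryAfterSec) } };
  }
  // Here the function would perform the upload with a service-role client or
  // return a signed upload URL; this example only reports the decision.
  return { status: 200, headers: { "X-RateLimit-Remaining": String(d.remaining) } };
}
```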