But it needs to be able to be anti ddos and handle hundreds of thousands of requests for my small web app
You can take a look at some European alternatives which have to be GDPR-compliant:
Or you could literally ask any data center provider to give you DoS protection. Many offer this as a premium service and others have contracts where you get third party services like the ones mentioned by you for less money.
Unfortunately this is more or less impossible.
The closest you could get is something that proxies on the TCP level. This would already reveal all of your visitors’ IP addresses and the sites they are visiting. However at this point good DDoS protection is already incredibly difficult because the amount of information they can see about the request is very small.
If you want a full DoS protection and caching solution you will want the proxy to see the traffic, in which case you are back at all of the privacy concerns of Cloudflare.
I’m going to be honest, the main reason that Cloudflare gets hate is that it is popular. This means that it does have a very good view of your web activities because a good chunk of the websites you visit are using Cloudflare. So maybe what you are looking for is just something equivalent to Cloudflare but less popular. This does have privacy benefits because it means that fewer companies have a “global view” of your activity, but isn’t fundamentally different.
hetzner.com and ovh.com both have free ddos protection included with their servers.
I’m using OVH for a few years now and can’t complain. Had a a few DDOS attacks on my two vserver and they mitigated and informed me swiftly by mail. And their prices are competitive.
don’t we all…
If your small webapp is static, or mostly serves static resources, you could offload these to community driven mirrors, or maybe IPFS?