Brand new customer. Just changed the DNS server to Cloudflare after adding a website. Result: close to 300,000 requests flooding my web server in less than 25 minutes.
2 lines of the 300,000 identical requests in question (Apache log):
162.158.62.247 - - [04/Jan/2023:17:56:39 -0500] “GET / HTTP/1.1” 301 237 “THE REDACTED URL” “Mozilla/5.0 (Linux; Android 7.0; Moto G (4)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4590.2 Mobile Safari/537.36 Chrome-Lighthouse”
162.158.62.246 - - [04/Jan/2023:17:56:39 -0500] “GET / HTTP/1.1” 301 237 “THE VERY SAME REDACTED FRONTPAGE URL” “Mozilla/5.0 (Linux; Android 7.0; Moto G (4)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4590.2 Mobile Safari/537.36 Chrome-Lighthouse”
Both IPs belong, of course, to Cloudflare. They are the only one involved, at a calculated rate of 200 requests/second. Even though all these requests resulted in 301s, my web server almost died.
Changed the DNS server back to the original: all normal now.
I’m having second thoughts about trusting my domains to Cloudflare. I just can’t believe this.
Someone can tell me what this is, how it can be prevented (if at all)?