One of my websites is often targeted by HTTP flood attacks, at least twice a week, usually with around 10k rps. I’m currently on the free plan.
Cloudflare detects those attacks, but often a bit too late (30s-60s too late), causing my hosting provider to trigger their own DDoS protection and resulting in the website being unavailable for around 5 minutes.
I’ve made a script to automatically trigger “under attack” mode using the Cloudflare API which works most of the time, but sometimes it’s not fast enough.
I’m not sure this is the right place to ask this, but will upgrading to a paid plan help to get faster detection/protection by Cloudflare? If yes, would the Pro plan be enough? I couldn’t find much on forums about this; the answers are often vague.
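For readers wondering what the "script to automatically trigger under attack mode" described above might look like, here is an added example (my own code, not the original poster's script and not Cloudflare's). It combines a small sliding-window request-rate detector with a request to the zone security-level endpoint of the public Cloudflare API (`PATCH /zones/{zone_id}/settings/security_level`). The zone id, API token and per-second traffic counts are placeholders and constructed sample data; the threshold and window are assumptions you would tune to your own baseline.

```python
import json
import urllib.request
from collections import deque

API_BASE = "https://api.cloudflare.com/client/v4"
VALID_LEVELS = ("essentially_off", "low", "medium", "high", "under_attack")


def build_security_level_request(zone_id, api_token, level):
    """Build (but do not send) the PATCH request that sets a zone's security level.

    The endpoint and JSON payload follow Cloudflare's public API; the zone id
    and token are caller-supplied placeholders in this example.
    """
    if level not in VALID_LEVELS:
        raise ValueError(f"unknown security level: {level!r}")
    url = f"{API_BASE}/zones/{zone_id}/settings/security_level"
    body = json.dumps({"value": level}).encode("utf-8")
    return urllib.request.Request(
        url,
        data=body,
        method="PATCH",
        headers={
            "Authorization": f"Bearer {api_token}",
            "Content-Type": "application/json",
        },
    )


def apply_security_level(zone_id, api_token, level, timeout=10):
    """Send the request and return Cloudflare's decoded JSON response.

    Not called in the offline part of this example; requires network access.
    """
    req = build_security_level_request(zone_id, api_token, level)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.loads(resp.read().decode("utf-8"))


class RateMonitor:
    """Sliding-window request-rate monitor using per-second buckets.

    The window covers the last `window_seconds` whole seconds ending at the
    most recent observation, so a burst shows up within a few seconds instead
    of being averaged away over a long period.
    """

    def __init__(self, threshold_rps, window_seconds=3):
        self.threshold = threshold_rps
        self.window = window_seconds
        self.buckets = deque()  # (second, count), oldest first

    def observe(self, ts, n=1):
        """Record n requests seen at Unix timestamp ts (float or int)."""
        sec = int(ts)
        if self.buckets and self.buckets[-1][0] == sec:
            self.buckets[-1] = (sec, self.buckets[-1][1] + n)
        else:
            self.buckets.append((sec, n))
        cutoff = sec - self.window
        while self.buckets and self.buckets[0][0] <= cutoff:
            self.buckets.popleft()

    def current_rps(self):
        return sum(count for _, count in self.buckets) / self.window

    def should_escalate(self):
        return self.current_rps() >= self.threshold


def first_escalation_second(per_second_counts, threshold_rps, window_seconds=3):
    """Replay a list of per-second request counts; return the first second at
    which the monitor would switch the zone to under_attack, or None."""
    monitor = RateMonitor(threshold_rps, window_seconds)
    for sec, count in enumerate(per_second_counts):
        monitor.observe(sec, count)
        if monitor.should_escalate():
            return sec
    return None


# Constructed sample: three quiet seconds, then a flood of roughly 10k rps.
SAMPLE_TRAFFIC = [100, 120, 90, 8000, 10500, 10200, 9900]

if __name__ == "__main__":
    sec = first_escalation_second(SAMPLE_TRAFFIC, threshold_rps=2000)
    print(f"would escalate at second {sec}")  # second 3, one second into the flood
    req = build_security_level_request("ZONE_ID_PLACEHOLDER", "TOKEN_PLACEHOLDER", "under_attack")
    print(req.get_method(), req.full_url, req.data.decode())
    # To actually switch the zone (needs a real token with Zone Settings edit permission):
    # apply_security_level("ZONE_ID_PLACEHOLDER", "TOKEN_PLACEHOLDER", "under_attack")
```

In practice the monitor would be fed from the origin's access log or a request counter, and the script would also revert the level (for example back to `medium`) after a fixed quiet period so legitimate visitors are not left with the challenge page indefinitely. Keep the window short: a long averaging window is exactly what makes detection lag behind a sudden flood.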
If that doesn’t work, the only other solution I can think of (besides asking your hosting provider to adjust their DDoS protection) is to implement a global rate limit on your site. This will only work if the attack originates from a relatively small number of IP addresses.
Honestly… every time we see small hosts attempt to implement their own L7 protection it always ends up poorly.
I would ask them to disable it altogether because small hosts simply don’t have the expertise nor the resources to build proper L7 firewalls, even if they have good intentions and genuinely believe they are doing well.
All plans have the same core protection. It’s not until you reach the Enterprise level that you get some actual enhancements that aren’t (for now at least) included in the rest of the plans.
The enterprise plan is quite expensive, starting at around $36k per year.
FWIW, DDoS protection runs in parallel and has some delay. It’s not evaluated on a per-request basis like other protections such as Bot Management and the WAF, so it takes some time for it to take effect and mitigate the attack.