CloudFlare DDOS protection ByPass

Hello everyone!

I currently have a FreePlan on CloudFlare.
I’ve been victim of a DDOS attack in the last few days that bypassed the CloudFlare protections completely.

This attack simulates requests coming from search engines like Google or Bing or even my own site.
Even when I activate the “Under Attack” mode, the attack continues to work and totally down my website.

Here is a screen of the received requests:

Do you know how I can stop this attack?

Yours sincerely.

Have you set up a firewall on your server that blocks any request not coming through Cloudflare’s IP addresses?

1 Like

If you have done what’s above and the attack(s) still occur, try what I’m about to suggest.

If your website is static (meaning it doesn’t change), you can go into page rules, create a rule for your domain, and set Cache Level to Cache Everything. This will tell CloudFlare’s servers to store your website and serve it, instead of requesting it from your website then serving it.

If your website dynamic (meaning it does change for each user), you can tell your web developer to try and design your website around CloudFlare workers. Once all dyanmic requested content is served by CloudFlare workers you can set the Cache Level to Cache Everything. If issues persist with your website while cache is on, then the development was not done correctly.