in order to improve our security posture against DDoS attack, we are trying to better understand which tools/configurations, at cloudflare level, we can implement.
What we have understand from the docs that we read from your website is that the typical DDoS attacks are “managed by default” from Cloudflare.
What we are not completely sure is that our configuration in cloudflare is adequate and harden enough.
For these reasons, we would like to understand if, in term of prevention, detection, information and reaction there are more configurations/actions that we could put in place.
Let me do some examples to better explain the meaning of our request:
As I wrote we think that our configuration is well tuned for our needs, but to increase our confidence is there is the possibility to audit our ruleset ?
Assuming that for some scenarios it is not possible to further strengthen the configuration, we would like to understand if and how is possible to detect (always within cloudflare) and to be informed of a DDoS attack.
Is it possible configure alarms on cloudflare ? Is it possible to identify an attack by analyzing the logs that can be obtained from cloudflare ?
Finally, considering that for the majority of our public URLs, we expose APIs to other applications, are there methods to be able to react and mitigate a possible attack ?
For example the “I’m under attack” button in our case (API) does not seem appropriate to us, because there is no human interaction with our URLs.
Thank you very much in advance for your explanations.