Custom firewall rules not block entire attack

Hello I want to ask,
recently my site was attacked, and then I was trying to track down who attacked my site, and I saw someone trying to reconnaissance on my site, but, I find it strange, why Cloudflare categorizes the attack into 2 different services (DDOS & WAF). in WAF the attacks are blocked, but in DDOS the attacks get log actions. even though I have made firewall rules by adjusting the attack. what I’m asking is why the firewall rules that I created don’t block all attacks?

If the rules you created don’t block everything then your expression wasn’t matching all of the attacks - without seeing the rule or the requests that got past, it’s impossible to say what the issue is.

I explained earlier, in the overview it looks there is 2 different services (DDOS & WAF). in WAF the attacks are blocked, but in DDOS the attacks get log actions


what I’m asking is why the firewall rules that I created don’t block all attacks? as you can see in the image, there is still the attack that get “log” action with

The action is up to you - you can configure each L7 DDoS rule with sensitivity and action as per https://developers.cloudflare.com/ddos-protection/managed-rulesets/http/

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.