DDos attach on my site

I have applied the waf security also but the ddos is still there server load avrage is above 40, cant find what to do now, also purchase waf advance , and turn onn all the settings that i could know off

can you guys help me 14.05.2024_10.09.35_REC

First ensure:

  • DNS records pointing to your web server are proxied on Cloudflare
  • Your server only allows connections to your web server from Cloudflare IP addresses, and/or
  • Use authenticated origin pull with your own certificate to ensure requests only come from your Cloudflare account
  • Under Attack Mode is enabled on Cloudflare

Then follow this guide to fine tune your response…

can you please help me set things as custom job paid , i have tried alot of things but still there is alot of load on the server and site is offline

Hi @skinnyrepack,

It is not easy to provide you assistance without details. However I believe you may take some benefits of taking the Application Security Learning Path.

As @sjr highlighted it is extremly important to make sure that you block non-Cloudflare traffic to your origin server. You may learn more about this here. You may also find Cloudflare IPs here.

You may also protect your origin by using Cloudflare Tunnel.

In the zones (web sites / web applications) that you have the Pro Plan or above, I would recommend you to enable our new Web Traffic analytics, since it will provide you a deeper insight into your traffic. You may do this in the Analytics tab.

You may also use features and products like: Bot fight mode, Super Bot Fight Mode, Cloudflare Web Application Firewall, WAF Managed Rules, Rate Limiting rules, and other.

But I would definitely recommend you to start by ensuring that you block all non-Cloudflare traffic and, after that, to understand your traffic in order to be able to efficiently mitigate/prevent possible attacks.

1 Like