I’ve recently come back to Cloudflare after having been managing my own servers and firewall hardware application for a while. I’m no expert. I wanted to use CF again because I felt I’d get a better handle on a DDoS attack that I’ve been getting for the past 30 days or so. Like clockwork - every 12 hours - this attack occurs and lasts for about 2 hours. It seems like the atypical SYN type attack, where I’m getting inundated with requests from unique IPs. Before I came back to CF, I had the affected site using the WAF on my hardware firewall device, but it was still letting the threat through. When I configured the CF Firewall and WAF, I set all security limits to HIGH. I just went through another 2 hour attack and CF allowed most of the traffic through to my firewall as best I can tell. I see it dropping bad Mozilla clients primarily when it is dropping connections. Connections during the attack peaked at 15k in the 15 minute interval report, up from a normal 300 or so.
My question is, will CF Firewall and WAF learn how to block these attacks with each successive one? I know it identifies bad IPs across its network, etc. Or do you feel I’m missing something in the CF setup that could better thwart this?
On the positive side, I’m seeing all the positive advantages to using CF’s services, as my site seems to be loading much better than normal, so I’ll be keeping my Pro account going forward. I forgot how good it was!