Since a couple of days an IP is connecting to my website every second several times, without stopping.
The path points to the images/logos (I have thousands of them) altough they are not in the same domain.
I blocked the IP from Security > WAF > Tools… although sometimes the connection is still saturating.
In that case I restart Apache server and activate “Under Attack Mode”.
Any other alternative? should I change “Block” to “Managed Challenge”?
… or change the path where I have the images?
Thank you for asking.
I am sorry to hear you’re experiencing such an event
If I may add here as a really good reference for further cases in terms of security and protection with Cloudflare:
This guide is for those users of Cloudflare who experience medium-high level complexity DDoS attacks.
Continue reading if you want to accomplish the following:
Becoming more familiar with the Cloudflare Dashboard and crafting custom firewall rules.
Understanding the standard behavior of DDoS attacks and deploying effective firewall rules.
Realizing how powerful and valuable Cloudflare Firewall Rules are.
I initially thought of making a more complex guide (I will). However, I realized that no…
This tutorial covers some of the steps you can try to take to protect yourself from a DDoS attack. There is a
Cloudflare Support Article on this as well.
Sign up for Cloudflare - Cloudflare can provide a lot of helpful tools to help you overcome a DDoS attack, even on their free plan.
Make sure all your DNS records that can be are set to , anything that is will bypass most of what you set up.
Lock down your server to only accept connections from the Cloudflare IPs, this s…
Last but not the least, kindly see more by reading Cloudflare articles which contain a lot of helpful information for better understanding and usage as well in terms of Security and Protection:
Are they coming from the same ASN or?
Any other feedback like which user-agent or HTTP version are those requests?
Thanks for answering.
Yes. Same ASN/IP (like the screenshot)
User agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6)
Is there a way to hide this access?
Action taken on Managed Challenge, but it’s still flooding my activity log.
Activity Log has a filter. You can filter for IP Does Not Equal [that IP address].
The attack does not stop a week later. What I have done is remove the DNS and my server is now working properly.
In “Browser Cache TTL” I have put 1 year. Does that mean the images cache will be accessible for 1 year?.. or how long will they be accessible?
In “Browser Cache TTL” I have put 1 year. Does that mean the images cache will be accessible for 1 year?
It means that if I visit your website, my web browser will be told that this image isn’t expected to change for 1 year, so don’t request it again until then and just keep a copy locally in my browser cache.
Basically if you update the image (keeping the same filename, e.g logo.png), I (a.k.a all your visitors) won’t see the new image for 1 year unless I clear my cache or use a different web browser.
It means that if I visit your website, my Firefox web browser will be told that this image isn’t expected to change for 1 year, so don’t request it again until then and just keep a copy locally in my browser cache.
Basically if you change the image, I (a.k.a all your visitors) won’t see the new image for 1 year unless I clear my cache.
I have understood that. My question is how long will it keep these images even though I removed the DNS since Cloudflare has cached all the images.
Also I’m using: Caching > Configuration > Caching Level > Ignore query string
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.