DDoS attack?

Since a couple of days an IP is connecting to my website every second several times, without stopping.

The path points to the images/logos (I have thousands of them) altough they are not in the same domain.

I blocked the IP from Security > WAF > Tools… although sometimes the connection is still saturating.

In that case I restart Apache server and activate “Under Attack Mode”.

Any other alternative? should I change “Block” to “Managed Challenge”?
… or change the path where I have the images?



Thank you for asking.

I am sorry to hear you’re experiencing such an event :confused:

If I may add here as a really good reference for further cases in terms of security and protection with Cloudflare:

Last but not the least, kindly see more by reading Cloudflare articles which contain a lot of helpful information for better understanding and usage as well in terms of Security and Protection:

Are they coming from the same ASN or? :thinking:
Any other feedback like which user-agent or HTTP version are those requests? :thinking:

Thanks for answering.

Yes. Same ASN/IP (like the screenshot)

User agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6)
Path: ///mydomain.xyz/img/image.png

Is there a way to hide this access?
Action taken on Managed Challenge, but it’s still flooding my activity log.

Activity Log has a filter. You can filter for IP Does Not Equal [that IP address].

1 Like

The attack does not stop a week later. What I have done is remove the DNS and my server is now working properly.
In “Browser Cache TTL” I have put 1 year. Does that mean the images cache will be accessible for 1 year?.. or how long will they be accessible?

I have understood that. My question is how long will it keep these images even though I removed the DNS since Cloudflare has cached all the images.

Also I’m using: Caching > Configuration > Caching Level > Ignore query string

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.