DDoS Attacks only landing on JS Challenge

Hi folks!

I am new on CF and i have a question about the DDoS attacks. My websites are getting attacked and i made some firewall rules now. Many countries get to the JS Challenge screen first.
The attack is still going on from China and Russia. I know that i can completely block them but for now i don’t want to do that. All attacks get to the JS Challenge screen now.

My question is: Isn’t Cloudflare identifying those accesses to my website automatically? Are they not going to get blocked automatically? There are attacks from the same ip for example 100 times in a minute. Can i configure some setting anywhere on the dashboard, where i can tell CF, that very often accesses should get blocked?


In terms of Layer 7 DDOS, Cloudflare doesn’t directly block HTTP floods until you get to a pretty big number of requests per second (although the threshold needed is unknown to prevent attackers from always staying right under the threshold).

Since there are a wide variety of websites, there is no catch-all solution that could be applied to both small websites that can’t handle even 100 requests per minute and big websites that both can handle hundreds of requests per second and have legitimate use cases for serving those hundreds of requests per second without hitting the IP reputation of the requesting IP addresses.

If you want to specify your own cutoff points, you can look into Cloudflare rate limiting:

This topic was automatically closed after 30 days. New replies are no longer allowed.