Ddos is not stopping, I have tried several ways

my site is under ddos.

I also enabled “under attack”, but still not working.

then I create a rule on WAF, this rule is for all users.
if
(http.request.uri ne “fake”)
then
captcha

basically, it require all users to verify before they can access my site.

but this still not working. my server still has tons of traffic.

any idea, I created a ticket. but looks like they can not help. they ask me to use rate limit .

basically, if certain conditions meets then use Captcha to verify users and block traffic.

but now, I have created a rule call "all js ", no matter what condition, I always require users to verify via captcha.
but this is still not working.

1- Either they got your server IP

2- or you need to the traffic to check where is the problem, setup WAF inside Security like this:

after 5 min check here like the photo

after you can block country or IP using same way “WAF”

3- It can also be a bots, If the site becomes a little popular. you will need “Cloudflare Bot Management”

You might find this useful:

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.