DDoS protection bypass

Someone recently DDoSed my site with layer 7 and said they had a Cloudflare bypass. Could this be true?

This ‘bypass’ is most likely caused by leaked IP addresses due to config issues or historical data about your website. Do you have any orange :exclamation: next to one or more of your records?

No, I don't, but I found the IP address somewhere, but he keeps claiming to have done it with the domain address.

There are also 333 000 uncached requests in the Cloudflare analytics when it happened.

It is recommended to set up a firewall, either with your Virtual Server provider or with iptables, to only accept connections from Cloudflare IP addresses. Also, when you get DDoS’d, Cloudflare will only protect against layer 7 attacks if you turn on “I’m Under Attack” mode.

Cloudflare in a lot of cases is not “automatically” blocking layer 7 attacks (maybe only on the Enterprise plan; if someone can prove me wrong, I would love to know).
(I am not complaining.)

You do have tools to set up your protection against it:

  1. you need to set up rate limiting with smart rules
  2. set up custom firewall rules to block the attack
  3. set up Access Rules blocks to block IPs
  4. set “I am under attack” mode
  5. cache everything you can

All these things are manual. Maybe support can help you in this case, I really have no idea, but I also got hit by a DDoS attack that went directly from Cloudflare and I blocked it using the tools above.

The basis for setting all these rules is data. Cloudflare does not give you any access log, so if you have access to your server logs, start from there; if you don't, set up a worker and use it to send logs (I made a worker example that does just that, if you need help).

So basically someone flooded you with HTTP requests?! Care to post what kind of requests it was?

Yes of course, if your IP address is out there.

Considering you said you had 300k requests via Cloudflare, it would rather seem these requests came via Cloudflare though, unless of course that's a typical number for your site.
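One way to answer the question this thread keeps circling (did the flood hit the origin IP directly, or did it pass through Cloudflare?) from origin server logs. This is an added example, not code from any poster. It assumes an nginx "combined" log with the `CF-Connecting-IP` header appended as a final quoted field; the function names and sample lines are constructed, and the range list is a snapshot of https://www.cloudflare.com/ips-v4 that should be refreshed before use.

```python
import ipaddress
import re
from collections import Counter

# Snapshot of Cloudflare's published IPv4 ranges; refresh from cloudflare.com/ips-v4.
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 "
    "141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 "
    "197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/13 "
    "104.24.0.0/14 172.64.0.0/13 131.0.72.0/22").split()]

# Assumed format: nginx "combined" + "$http_cf_connecting_ip" as the last field.
LINE = re.compile(
    r'^(?P<peer>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*" "(?P<cfip>[^"]*)"$')

def via_cloudflare(peer):
    """True if the TCP peer that connected to the origin is a Cloudflare edge."""
    try:
        addr = ipaddress.ip_address(peer)
    except ValueError:
        return False
    return any(addr in net for net in CLOUDFLARE_V4)

def summarize(lines):
    """Split hits into direct-to-origin peers and proxied (visitor, path) pairs."""
    direct, proxied = Counter(), Counter()
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # unparseable line: skip rather than guess
        if via_cloudflare(m["peer"]):
            # Only trust CF-Connecting-IP when the peer really is Cloudflare.
            proxied[(m["cfip"], m["path"])] += 1
        else:
            direct[m["peer"]] += 1
    return direct, proxied

# Constructed sample log lines (documentation addresses for visitors).
TS = "[01/Jan/2024:00:00:01 +0000]"
SAMPLE = (
    [f'172.68.10.5 - - {TS} "GET /search?q=a HTTP/1.1" 200 512 "-" "ua" "203.0.113.9"'] * 2
    + [f'162.158.90.12 - - {TS} "GET / HTTP/1.1" 200 1024 "-" "ua" "203.0.113.20"']
    + [f'198.51.100.77 - - {TS} "GET /search?q=a HTTP/1.1" 200 512 "-" "ua" "-"'] * 3)

if __name__ == "__main__":
    direct, proxied = summarize(SAMPLE)
    print("direct to origin (firewall these out):", direct.most_common(5))
    print("via Cloudflare (rate-limit / rule candidates):", proxied.most_common(5))
```

A non-empty "direct" counter means the origin address is reachable and the firewall allowlist suggested above is the fix; a flood that shows up only in the "proxied" counter came through the proxy and is a matter for rate limiting, firewall rules and caching.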

