DDoS Protection is not working


It seems CloudFlare was not working to protect the web from a DDoS attack.
I have tried to attack my server in several cases:
- Case 1: Using https://ddostest.me/, In this case, all 3 modes medium, high or even “I’m Under Attack” did not block or JS Challenge. All requests go through CloudFlare and go directly to my original server. So the server is down.
- Case 2: I created a .NET application to send requests to my server (1000 requests/second). In this case, only “I’m Under Attack” mode can protect my server, the rest cannot.

So can someone tell me more about CloudFlare’s anti-DDOS mechanism?
Can we prevent layer 7 DDoS attacks with Cloudflare?


No customers have magic wands to block what many consider to be a DDoS. They just get more data and options to configure based on their specific traffic.

Case 1) those security levels are more about hacking than DDoS. It just increases sensitivity for suspicious requests. If the ddostest simulation didn’t get stopped by Under Attack mode, it would warrant a closer look at that traffic. Let Support know.

If you can predict the signature, then yes. But it gets back to the tools Cloudflare provides. You need to custom tailor your security settings based on your regular traffic. Here’s more info:

1 Like

This topic was automatically closed after 31 days. New replies are no longer allowed.