DDoS protection on the free plan


#1

Hi,

Does CloudFlare provide DDoS protection on the free plan? The website of a client was attacked while it was under CloudFlare. The hosting provider suspended the website due DDoS so it means CloudFlare disabled itself during the attack.

Do you think a Premium plan would help? Is there a limit it can handle?


#2

Cloudflare doesn’t “disable” itself during an attack. DDoS protection is a feature for all plans. Higher cost plans don’t provide special DDoS protection. And so far, there’s been no DDoS attack Cloudflare hasn’t been able to mitigate through its server network.

I’m curious as to what the hosting provider noticed. Keep in mind that Cloudflare can’t stop attackers from directly hitting your IP address. So…all hits coming through Cloudflare naturally come from Cloudflare’s IP addresses, but include visitor IP address in the headers.


#3

I think it does or it “unhides” server IP. How an attacker could knew website IP if CloudFlare hidden it?

I found this: http://www.webhostingtalk.com/showthread.php?t=1065748&p=7571702#post7571702

Is it still correct?

It is mentioned that CloudFlare’s Business plan offers advanced DDoS security, for example: http://prntscr.com/ji0y4i So is this not true?


#4

I can’t imagine.

Was it a targeted attack? Scanning entire networks is easily done. Scanning and enumeration.
Cloudflare can not do anything against it since they are basically protecting on DNS level. (origin IP gets hidden behind CF)

Are you sure that there’s no DNS record exposing the origin IP? This is often the case with “mail.domain.com” which points to the origin as a subdomain. Since mail isn’t proxied by Clodflare (domains handling mail services must be set to :grey: ) the attacker has got the origin IP. And guessing smtp., mail, imap., webmail… isn’t that difficult. Even if it is not the same IP it might be on the same network range. Companies are often listed
in the whois record along with their provider so an attacker can go ahead with the scanning…

There are many ways this is just one example

Is he a CloudFlare employee? Oh, and it’s from 2011. :wink:

You can achieve more protection with Argo Tunnel for example. It’s available on every plan and billed on usage. You can find it under the “Traffic” tab.


#5

Damon was the community evangelist and a regular here on the forum. Yes, that was an old post, now outdated since the “Unmetered Mitigation for Everybody” announcement: https://blog.cloudflare.com/unmetered-mitigation/

The Business plan DDoS feature looks like an uptime guarantee, and nothing more. Enterprise looks to have advanced DDoS protection.


#6

This topic was automatically closed after 14 days. New replies are no longer allowed.