For the last few days, we have been getting DDoS attacks from Australian IPs at a particular time.
Around 5k requests arrive in a brief period of time, targeting the home page and a random 4-5 pages linked from the home page.
Security level is set to Medium.
Cloudflare lets them all through despite Super Flight Mode being turned on, and classifies it as human traffic. IPs change every 2-3 days. Hundreds of IPs with 20-30 hits each make it quite difficult to block by IP.
2 strange bits about this recurring attack:
- Cloudflare reports Edge status code 200 but origin status code as None. It appears these requests don’t wait for the origin response and disconnect.
- Despite no increase in CPU or memory usage, traffic drops on the site as crawlers sense the site is overloaded.
How can we block this sort of recurring attack on the Business plan?