DDOS with Origin Status Code None

For last few days, we are getting DDOS from Australian IPs on a particular time.

Around 5k requests in a brief period of time targeting home page and random 4-5 pages linked from home page.

Security level set as Medium.

Cloudflare lets them all through despite Super Flight Mode turned on and classifies it human traffic. IPs change every 2-3 days. Hundereds of IPs with 20-30 hits each makes it quite difficult to block by IP.

2 strange bits about this recurring attack.

  1. Cloudflare Reports Edge status code 200 but origin status code as None. It appears these requests don’t wait for origin response and disconnect
  2. Despite no increase in CPUs or memory usage, traffic drops on the site as crawlers sense site is overloaded.

How to block this sort of recurring attack on business plan?

Cheers

Hi there @kamran,

Thanks for reaching out to Cloudflare Community.

How to block this sort of recurring attack on business plan?

Seems like the most effective approach would be to enforce rate limiting on the affected hostnames:

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.