Deprecated - Under DDoS Attack! First steps

This tutorial is deprecated in favour of Get started · Cloudflare DDoS Protection docs

This tutorial covers some of the steps you can take to protect yourself from a DDoS attack. There is a Cloudflare Support Article on this as well.

  1. Sign up for Cloudflare - Cloudflare can provide a lot of helpful tools to help you overcome a DDoS attack, even on their free plan.

  2. Make sure every DNS record that can be proxied is set to orange cloud (proxied). Anything that is grey cloud (DNS only) will bypass most of what you set up.

  3. Lock down your server to only accept connections from the Cloudflare IPs. This should stop the attackers from bypassing Cloudflare and going straight for your server using its IP address.

  4. Enable I’m Under Attack mode. You can find this under [image].

  5. If you can get or have a paid Cloudflare plan, enable the WAF.

  6. If the attackers are getting past the Under Attack page (i.e. they run JavaScript), you can also use a captcha challenge to start with: [image]

    Replace 192.0.2.1 with your IP address so you can still access the site without a challenge.
    You don’t really want to keep this rule permanently as it will inconvenience all genuine visitors, but it should stop / slow the attack.

  7. Monitor the Firewall Events Log to see if there is any pattern in the attackers' requests when they hit the captcha challenge. You can then narrow down who you present the captcha challenge to. For instance, if the attacks all come from one country, you could just challenge visitors from that country. If they all use the same user agent, you can challenge all requests from that user agent. You should be able to make your rules more specific to minimise the effect on genuine site visitors while still slowing / stopping the attack.
    For example, you could use a rule like: [image]
    with the country and user agent that the attacks are coming from, and captcha challenge or even block these requests.
    Also, there are great points in this post about challenging all visitors except in certain conditions, e.g. challenge unless the visitor is from the countries your site is most commonly visited from.

You can do a huge amount with Cloudflare to protect yourself from these attacks, especially using firewall rules to tailor your response to the attack.

For a more detailed guide on analysing and mitigating a DDoS, see Mitigating an HTTP DDoS Attack manually with Cloudflare.
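Steps 6 and 7 as an added example (not part of the original tutorial, whose own rules are not shown on the page): tally the country and user agent of challenged requests and build a narrower rule expression. The event records and their field names are constructed, the 80% threshold is an assumption, and the expression form using the `ip.src`, `ip.geoip.country` and `http.user_agent` fields of Cloudflare's rules language is assumed rather than taken from the page.

```python
import ipaddress
from collections import Counter

# Constructed sample of Firewall Events entries (hypothetical field names,
# not Cloudflare's export schema): nine matching requests and one outlier.
EVENTS = [{"country": "ZZ", "user_agent": "ExampleBot/1.0", "action": "challenge"}] * 9
EVENTS.append({"country": "AA", "user_agent": "Mozilla/5.0", "action": "challenge"})


def quote(value):
    """Quote a string for a rule expression, escaping backslashes and double quotes."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def dominant(events, field, min_share):
    """Return the most common value of `field` if it covers min_share of events."""
    counts = Counter(e[field] for e in events)
    if not counts:
        return None
    value, hits = counts.most_common(1)[0]
    return value if hits / len(events) >= min_share else None


def build_expression(events, my_ip, min_share=0.8):
    """Build a rule expression from the events that hit the captcha challenge."""
    my_ip = str(ipaddress.ip_address(my_ip))  # ValueError on anything but an IP
    challenged = [e for e in events if e["action"] == "challenge"]
    clauses = []
    country = dominant(challenged, "country", min_share)
    if country:
        clauses.append(f"ip.geoip.country eq {quote(country)}")
    agent = dominant(challenged, "user_agent", min_share)
    if agent:
        clauses.append(f"http.user_agent eq {quote(agent)}")
    # Always exempt your own address; with no clear pattern this is the
    # only clause, i.e. the step 6 rule that challenges everyone else.
    clauses.append(f"ip.src ne {my_ip}")
    return "(" + " and ".join(clauses) + ")"


if __name__ == "__main__":
    print(build_expression(EVENTS, "192.0.2.1"))
```

Check the generated expression against the Firewall Events Log before applying it, and raise `min_share` if genuine visitors share the attackers' country or user agent.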



Tutorial Reference: CT-38

Reviewed: 08/21

This is a Community Tutorial, most are wiki posts, so can be contributed to by Regulars and MVPs here. If there is a tutorial you would like to see, you can request one here.

If you would like to provide any feedback on this tutorial, please post in the #Meta category, tag your post #TutorialFeedback and let us know the Tutorial Reference above.
