False HTTP DDoS Attack!

Cloudfare is blocking all traffic to my server because it detects a DDoS attack. However this is not true. There is no DDoS attack, this is usual activity. How can I stop cloudfare from blocking users that it think s are part of a DDoS attack?


What does your firewall event log say? What’s the domain?

What’s your current security level? Try lowering it.

The domain works fine in a web browser but all connections blocked from my android and ios app. Eventually cloudfare will stop blocking everyone and it will go back to normal until the same thing happens again next week when my app gets another surge of users at the same time.

Security is set to “Essentially off”

This only started happening last week. For months before that it worked fine.

Did you change anything else in the security settings? Otherwise it would be best if you opened a support ticket and have support check that out.

No nothing has changed in security except security level and also disabled “Browser Integrity Check”.

I have sent a ticket to support. Hopefully they can sort this out.


Make sure you respond to any automated responses, otherwise they might consider it solved and will close the ticket.

1 Like

It is interesting that Cloudflare takes such drastic actions as closing the connection directly, I did not know that was even possible.
How many concurrent requests is your backend receiving when those blocks occur?

In case of a proper denial of service attack that is exactly what I would expect.

What’s the website?

What’s the website, I want to see if it detects all incoming traffic as a DDOS attack attempt

I do not know the exact amount of requests that trigger the security. I understand why it thinks it is under attack but this was fine since 2019 up until last week so I am not sure what has changed.

Now I understand why there’s “connectionClose” action appeared as one of FirewallMatchesActions possible values:

What about rate limiting settings?

The website is unaffected. It only affects my mobile app when it tries to connect.

You simply might not have experienced any such scenarios and now Cloudflare actually blocks that. That would be the whole idea of Cloudflare.

From your graph it appears as if your traffic jumped up quite a bit.