How to block websocket ddos?

my websocket server attacked by high frequency often , The feature is that many IP sends a lot of messages after contented websocket server,How to use cloudflare for defense

From what I know (I’m sure an MVP can correct me) Cloudflare will only protect the initial connection to the WS but not the messages sent. Cloudflare will only allow so many concurrent connections though based on the plan (Using Cloudflare with WebSockets – Cloudflare Help Center).

You could try and target those attacks with Firewall rules and block their connection entirely.

1 Like

Is there any relevant documentation

This thread from a while ago supports @WalshyMVP’s theory:

Since it’s @jnperamo, and recent, maybe there’s an update on how the project is going.

2 Likes

The project is going great, thank you for asking :smiley:

As for the WebSocket protection, no luck. Even though this is a known issue, it does not seem to catch the attention of Cloudflare (I guess it’s due to the limited amount of people that use websockets and face those attacks).

Our “solution” currently relies on mitigating the attacks through obesity which basically means that we deploy as many instances as needed on our cloud provider when those attacks occur. Ideal? Far from being but I wasn’t able to find any other reliable approach.

Thus being said, I plan on making a “parallel” watchdog that will monitor abusive IPs, dropping their connection and banning them at Cloudflare’s edge, this requires extra development on our side but kind of guarantees actual mitigation because the first HTTP request does need to go through Cloudflare.

3 Likes

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.