We are growing rapidly (0-1 million users in 20 days) and we are in the eye of many hackers now! We started getting smaller attacks initially, which we learnt to stop, but now we keep getting different types of attacks.
AWS has taken down our server after the recent massive HTTP DDoS we suffered.
We saw about 10 million HTTP DDoS requests in like 20 mins and the server was taken down by AWS.
Cloudflare claims to stop all these types of things but looks like it doesn't.
I suspect you’re into the range of needing an enterprise account and the related services. Layer 7 attacks are a complicated mess to handle gracefully without inconveniencing users (CAPTCHAs and such), and at the scale of legitimate traffic you are describing you’re into the range where expertise is needed.
Cloudflare offers a number of tools and resources for dealing with DDoS attacks. You didn’t mention any steps you had taken to implement any of them, so it’s impossible to say; however, they include:
Ensuring your origin IP is protected via
Restricting application to your application from non-Cloudflare IPs.
Intelligent caching strategies
IP Address/ASN/Country restrictions/blocks/captcha
User agent blocks
IAUM
WAF
Firewall Rules
Rate Limiting
Bot Fight Mode
Bot Management
Access
Spectrum
Custom Cache Rules
Almost all of those features are available on plans other than Enterprise.
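An added example, not part of any post in this thread: one way to check whether requests are reaching the origin without passing through Cloudflare, and to build an nginx allowlist from Cloudflare's ranges. The range list is a sample subset of the published IPv4 list (refresh it from https://www.cloudflare.com/ips-v4), and the log lines and function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Sample subset of Cloudflare's published IPv4 ranges (assumption: a snapshot;
# fetch the current list from https://www.cloudflare.com/ips-v4 before use).
CLOUDFLARE_RANGES = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "141.101.64.0/18",
    "108.162.192.0/18", "162.158.0.0/15", "104.16.0.0/13", "172.64.0.0/13",
)]

# Constructed origin access-log lines; not taken from the thread.
SAMPLE_LOG = """\
162.158.10.7 - - [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512
203.0.113.50 - - [01/Jan/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 512
203.0.113.50 - - [01/Jan/2024:10:00:01 +0000] "GET /login HTTP/1.1" 200 512
172.64.5.9 - - [01/Jan/2024:10:00:02 +0000] "GET /api HTTP/1.1" 200 128
not-an-ip - - [01/Jan/2024:10:00:03 +0000] "GET / HTTP/1.1" 400 0
"""

def is_cloudflare(addr):
    """True if addr (the TCP peer address) falls inside a listed range."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on garbage
    return any(ip in net for net in CLOUDFLARE_RANGES)

def direct_origin_hits(log_text):
    """Count requests per source that reached the origin without Cloudflare."""
    hits = Counter()
    for line in log_text.splitlines():
        src = line.split(" ", 1)[0]
        try:
            if not is_cloudflare(src):
                hits[src] += 1
        except ValueError:
            hits["<unparseable>"] += 1  # keep malformed lines visible
    return hits

def nginx_allowlist():
    """Render allow/deny directives that admit only the listed ranges."""
    return "\n".join([f"allow {n};" for n in CLOUDFLARE_RANGES] + ["deny all;"])

if __name__ == "__main__":
    for src, count in direct_origin_hits(SAMPLE_LOG).most_common():
        print(f"{count:5d}  {src}")
    print(nginx_allowlist())
```

Run the check against the origin's own access log using the connecting peer address, not a forwarded-for header, since the header is client-controlled when the request bypasses the proxy.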