Huge performance issues despite DDoS mode + rate limit

What is the name of the domain?

exammmmmple.com

What is the issue you’re encountering

repeted downtimes, related to cpu spikes

What steps have you taken to resolve the issue?

despite recently activating cloudflare’s DDoS mode + rate limit, my site has encountered increasing performance issues and downtimes related to CPU spikes, site currently crashes multiple times an hour and every times it takes several minutes to come back

what I have tried
-Under Attack mode (non stop)
-Rate limit (7 hits per 10 seconds)
-Challenge all known bots except google
-Heavy filtering of Hosting ASN

despite all this and despite ever decreasing legitimate trafic, the downtime of my dedicated servers keeps increasing every day
what the ■■■■ is going on ?

Set some firewall on the host origin like UFW and allow only yourself temporary.
Lock your host and allow only Cloudflare IPs to connect:

Make use of the Cache if possible on the host, or configure it at Cloudflare:

I guess, if not some malicious or nulled theme if you’re using WordPress, you’d have to track & trace a bit those requests using Security → Analytics & Security → Events from the Cloudflare dashboard.

You can temporary override your DDoS and set to “Block” action and sensitivity “High” to prevent further damages while working on figuring out how to create your Custom WAF Rule to block those requests without enabled Under Attack Mode and get your Website working back again while the attack is still ongoing.

Free plan is able to block quite a lot of requests and keep the Website running with the 5 WAF rules available including Rate Limiting:

Article about Custom WAF Rules:

Helpful article:

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.