I am getting ddos above 100GB

Answer these questions to help the Community help you with Security questions.

What is the domain name?

Have you searched for an answer?
yes , i added waf rules to block all counties and except saudi arabia
also add min score

Describe the issue you are having:
the waf is not blocking counties but the min thread score is blocking but not all traffic

What error message or number are you receiving?
securtiy center Infrastructure showing the waf in domain is off

What steps have you taken to resolve the issue?

  1. add another rules
    2.turn off the rules then turn it back
  2. clear cache

Are you sure the connections are coming through Cloudflare or are there direct IP connections?

yes they use a get requset with random /?[random 8 to 12 string and number]

How are you seeing these requests reach your server? Are there access logs showing Cloudflare IPs?

yes around 4k ip from diffrent locations some aws some tor some digtalocheans

i am under attack or bot did not work only threat score manage to reduce last attack from 68 to 32 gb

How have you confirmed this? Does your origin block connections from non-Cloudflare IP addresses?

1 Like

Helpful article:

If you’re not on AWS block it by the ASN with the IP Access Rules, at least temporary.

Amazon.com Tech Telecom



How to:

Last but not the least, kindly see more by reading Cloudflare articles which contain a lot of helpful information for better understanding and usage as well in terms of Security and Protection:


This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.