I am writing here because we are desperate. For 1 month we have been suffering a DDoS attack (100M requests in a few min) which crashes our server.
Well, I have tried several times to mitigate the attack using WAF rules, which I never disable, and set the security of Cloudflare to "I am under attack!".
I use several WAF rules. Example of today:
I created a WAF for all countries, to block certain countries (like 30% worldwide), and for the rest I have added a JS Challenge (70%, the rest of the world). All countries were under WAF settings, but the server did not last even 5 minutes; after they started the attack everything was down.
Now, my ISP has opened a DDoS complaint and they want to close my server due to the high DDoS attack in a small period.
What should I do? Is it possible that Cloudflare does not help at all when somebody is sending a big attack? I don't even know if it is a big attack, I can just see that the requests blocked are between 100M and 200M, and… today, almost all requests were blocked by the WAF but it was not enough, the server crashed again.
Please help me to set up the right protection in order to not face such issues anymore.
Note that it's not uncommon for attacks to go through the JS Challenge nowadays; it would help us diagnose the issue better if you shared more information about the attacks.
The WAF > Overview is a good start.