my site is in paid plan, I got ddos attacked and my site was down for 30-40 minutes, before I was able to identity it and tweaked some settings
by using rate limiting, creating a few Access Rules and adding more servers
- why cloudflare didnt “stoped” the attack by default?(no complaining just want to learn for next time) the attack still going on and I don’t think cloudflare identify it has an attack(the requests per hour was up from 10k to 24m)
- the attack was very easy to identity the problem is CF only give me tools to block by user agent but they actually used similar refer string is there any tool that I missed to block by referrer patterns?
- does the Requests Through Cloudflare graph also included traffic that was filtered out by the challenge page?
- is there any alert mechanism I can use to alert me when rps go beyond some threshold?
Thanks a lot to cf my site working as normal without any slowness although the attack is still going on