I got ddos attacked and I have few questions


#1

my site is in paid plan, I got ddos attacked and my site was down for 30-40 minutes, before I was able to identity it and tweaked some settings

by using rate limiting, creating a few Access Rules and adding more servers

  1. why cloudflare didnt “stoped” the attack by default?(no complaining just want to learn for next time) the attack still going on and I don’t think cloudflare identify it has an attack(the requests per hour was up from 10k to 24m)
  2. the attack was very easy to identity the problem is CF only give me tools to block by user agent but they actually used similar refer string is there any tool that I missed to block by referrer patterns?
  3. does the Requests Through Cloudflare graph also included traffic that was filtered out by the challenge page?
  4. is there any alert mechanism I can use to alert me when rps go beyond some threshold?

Thanks a lot to cf my site working as normal without any slowness although the attack is still going on :+1:


#2

Hey, I’m just curious, how did you identify the ddos attack?
And how large was the attack?


#3

I said, the requests went from 10,000 to 24,000,000, I added more servers, created some rate liming rules, added access rules for countries which most requests come from, I didnt do anything special most magic done from cloudflare


Having trouble stopping DDOS attacks