I just had my site attacked by a DOS approach where they slowly sent me a bunch of 400GB POSTs to a random non-404 URL on my server. I think they were sent simultaneously and slowly in an attempt to run me out of disk space. It did not work, but got me thinking about a page rule to basically disallow certain methods. The obvious filter would be like:
example.com/static/* disallow POST,PUT,DELE
I think this would be low cost for Cloudflare to implement - would save storage and bandwidth everywhere, make the POST big files DOS much less fun.
Yes, I can do this with .htaccess files littered throughout my application - but it seems like a nice idea for a page rule.
Sorry to hear you experienced an attack. There are actually a few ways that you can achieve this today, namely:
(Pro+) The Web Application Firewall has a rule (100040) which blocks
POST requests to
(Biz+) A custom Web Application Firewall rule can be requested which blocks
POST requests to a specific URI
2.1. Information on requesting a custom rule: https://support.cloudflare.com/hc/en-us/articles/200172026-What-kind-of-requests-does-the-WAF-work-on-
(All) A Rate Limiting rule which blocks or challenges
POST requests to a specific URI when they send more than X requests
3.1. Information on implementing a Rate Limiting rule: Advanced Rate Limiting | Stop Abusive Application Traffic
If you have any questions about the above, or run into any issues, let us know and I am sure either myself or someone else can help you achieve what you are looking to do!