Mitigate DOS or Bruteforce

Hi I’m new to Cloudflare, using a free plan. I would like to know how can I mitigate DOS or brute force types attacks and how to block malicious IP’s or attempts?

Is there a way I can identify the visitors IP’s with the free plan?

Thanking you in advance for the support.

Hi @manou,

You get DDoS protection by default, if your domain is proxied (:orange:). As for brute force, is this a login page you’re trying to protect? If so, you may want to add a challenge or possible consider rate limiting (paid feature) there. You should also consider if people can bypass Cloudflare and access your origin directly and whether you want to prevent that by using something like Argo Tunnel or limiting access to Cloudflare IPs.

You can see the IPs of any blocked/challenged requests in the firewall events log.

1 Like

Hi @manou!

Please see Responding to DDoS attacks – Cloudflare Help Center

Please see Restoring original visitor IPs – Cloudflare Help Center