Cloudflare seems to think only in terms of 1 domain features. What if you have hundreds or thousands of domains? What if a DDOS attack is running down a list of those many domains they likely got from a nameserver database?
Cloudflare recently allowed a massive swarm from Google Networks to hit hundreds of domains simultaneously, which cloudflare knows the end-point is a single IP, and can see there were thousands of 404s being returned, but just let it all ride on through.
I would imagine cloudflare, to live up to its own standard, would likely monitor DDOS attempts not per-domain, but per destination IP, since its their OWN PROXY that facilitates the DDOS. I could not block the attack because it was CLOUDFLARE relaying it.
What would Cloudflare expect, that I manually go click “under attack” across hundreds of domains?
This is a pretty clear shortcoming I would think?