I am sorry if this post should go under “uncategorized” or not… as I am unsure. Please move it to the applicable forum if it is so…
Scenario: We have a website that was targeted by an attacker using a SYN flood on ports 80 and 443. The attacker targeted our server and the server load spiked. The attacking IPs were random and from different countries and networks.
We implemented Cloudflare and enabled “Enabled Under Attack Mode”. Still he was able to target our website and we were noticing the traffic coming in to our server through Cloudflare IPs and overloading the server.
Finally we managed to find that the attacker was hitting us while targeting a packet length value. We restricted the packet length in the firewall and the attack seems to have been mitigated.
So my question is, why was Cloudflare not able to mitigate the attack from so many IPs? How was he managing to bypass Cloudflare?
Is there any CF setting that I can use to prevent such attacks in the future?