We are using Plesk to hosting WordPress website, the Plesk logs sometimes showing around 100 GET access with different IP in one sec, now the website sometimes cannot access with Error 521 of Cloudflare page.
If I first time to open the website, it will showing Error 521 of Cloudflare page, after refresh will be normal.
this rule does not protect you,
for example the attacker has 20k bots,
If 20k 1 socket connection sends 2 requests per second,
your rule doesnât work and 20k*2req=40,000 requests hit the web server in 1 second.
Your web server or running code structure, for example, how many requests will respond in seconds, without destroying server loads.
My site is constantly attacked 24/7,
I think you should apply a different method, I am sharing the attack graphics below.
Despite the Cloudflare plan we are using, Iâd say using multiple ways and different types of available features available to us at Cloudflare dashboard.
Ensure your hostname(s) are proxied at first.
Lock down and allow only Cloudflare at your host origin:
If I may add here as a really good reference for further cases in terms of security and protection with Cloudflare from my colleague @jnperamo:
Well, depending on the attack type, if user-agents, crawlers, ASNs, etc., there are few I would recommend to add to your Firewall Rules, like the posted here:
Nevertheless, do not forget and properly setup the Cache for your website which can help leverage the load and tasks your server has to do for each request:
Since youâre using WordPress, Iâd suggest my post here as it contains a lot useful stuff:
Regarding bots:
Last but not the least, kindly see more by reading Cloudflare articles which contain a lot of helpful information for better understanding and usage as well in terms of Security and Protection measurements and available tools for us:
at first.
:
