Our website maybe attacking by HTTP flood attack

Despite the Cloudflare plan we are using, I’d say using multiple ways and different types of available features available to us at Cloudflare dashboard.

Ensure your hostname(s) are proxied :orange: at first.

Lock down and allow only Cloudflare at your host origin:

If I may add here as a really good reference for further cases in terms of security and protection with Cloudflare from my colleague @jnperamo:

Well, depending on the attack type, if user-agents, crawlers, ASNs, etc., there are few I would recommend to add to your Firewall Rules, like the posted here:

herefore, some Firewall Tips are published here:

Using the search :search: :

Nevertheless, do not forget and properly setup the Cache for your website which can help leverage the load and tasks your server has to do for each request:

Make sure your site is fully secured (HTTPS) using Full (Strict) SSL:

Make sure to protect your admin / login page using Cloudflare Zero Trust / Access:

https://www.tuonetti.fi/en/cloudflare-access-guide/

Since you’re using WordPress, I’d suggest my post here as it contains a lot useful stuff:

Regarding bots:

Last but not the least, kindly see more by reading Cloudflare articles which contain a lot of helpful information for better understanding and usage as well in terms of Security and Protection measurements and available tools for us:

1 Like