Since 2-3 days my website is being attacked and CF doesn’t do anything against it. I’ve also got the Pro Business plan and set up the WAF on highest security and made a rate limiting rule of 12 requests per minute. Are my settings wrong or why doesn’t anything work?
What kind of attack? Some attacks just look like a site that’s getting a lot of traffic that shouldn’t get blocked.
First time he did a POST attack on our login page. After that he did a GET attack on our index page. So basically a layer 7 attack.
We had this mode enabled for a whole day and he still got through.
OK, that’s possible.
How quick are you spammed? How many different IPs? Do you have any logs?
Apache logs of a few seconds from when it happened:
There are the origin IPs visible. Is this intended? Do you extract them?
I’m using mod_Cloudflare which shows the real ips.
The rate limiting rules do appear to be working. You can increase the amount of time they are banned.
This topic was automatically closed after 14 days. New replies are no longer allowed.