Permanently under attack. CF doesn't help at all


For the past 2-3 days my website has been attacked and CF doesn’t do anything against it. I’ve also got the Pro Business plan, set up the WAF on the highest security, and made a rate limiting rule of 12 requests per minute. Are my settings wrong, or why doesn’t anything work?

What kind of attack? Some attacks just look like a site that’s getting a lot of traffic that shouldn’t get blocked.


The first time, he did a POST attack on our login page. After that, he did a GET attack on our index page. So basically a layer 7 attack.


Activate “I am under attack” mode. More info on how it works, and read this one also.


We had this mode enabled for a whole day and he still got through.


OK, that’s possible.
How quick are you spammed? How many different IPs? Do you have any logs?


Apache logs of a few seconds from when it happened:


The origin IPs are visible there. Is this intended? Do you extract them?


I’m using mod_cloudflare, which shows the real IPs.


The rate limiting rules do appear to be working. You can increase the amount of time they are banned.
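An added example (not part of the thread and not any poster's code): one way to check from the origin side whether the 12 requests per minute rule is holding, by counting requests per visitor IP per minute in an Apache combined-format access log. It assumes mod_cloudflare has restored the visitor IP into the first log field; the log lines, IPs and paths below are constructed samples.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

LIMIT_PER_MINUTE = 12  # threshold of the rate limiting rule mentioned in the thread

# Apache combined log format; first field is the visitor IP (assumes mod_cloudflare).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def parse(line):
    """Return (ip, minute, method, path) or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts.replace(second=0), m["method"], m["path"]

def offenders(lines, limit=LIMIT_PER_MINUTE):
    """Map each IP whose busiest minute exceeds `limit` to a short summary."""
    per_minute = defaultdict(Counter)   # ip -> minute -> request count
    targets = defaultdict(Counter)      # ip -> (method, path) -> request count
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ip, minute, method, path = rec
        per_minute[ip][minute] += 1
        targets[ip][(method, path)] += 1
    report = {}
    for ip, buckets in per_minute.items():
        minute, peak = buckets.most_common(1)[0]
        if peak > limit:
            report[ip] = {"minute": minute, "peak": peak,
                          "over_limit_by": peak - limit,
                          "top_target": targets[ip].most_common(1)[0][0]}
    return report

# Constructed sample: one IP sends 15 POSTs to a hypothetical /login in one minute,
# another sends 3 GETs to the index page.
SAMPLE = [f'203.0.113.10 - - [01/Jan/2024:10:15:{s:02d} +0000] '
          f'"POST /login HTTP/1.1" 200 512 "-" "-"' for s in range(0, 45, 3)]
SAMPLE += [f'198.51.100.7 - - [01/Jan/2024:10:15:{s:02d} +0000] '
           f'"GET / HTTP/1.1" 200 1024 "-" "-"' for s in (5, 20, 40)]

if __name__ == "__main__":
    for ip, info in offenders(SAMPLE).items():
        print(ip, info)
```

IPs that show up here were served by the origin more often than the rule's threshold in a single minute, which makes them the ones to compare against the rate limiting events in the Cloudflare dashboard.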

