Preventing CF from seeing a legitimate traffic burst as DDOS

What is the name of the domain?

rathernotsay.com

What is the error number?

NA

What is the error message?

NA

What is the issue you’re encountering

We have a registration process for an organization that takes place at noon on a single day. It generates a lot of traffic in a very short period of time (usually several hundred to a thousand page requests within a few seconds). CF last year saw this as a DDOS attack and blocked access to our site, prohibiting some people from registering. Will turning off Proxy and using DNS Only prevent this from happening?

It will, but you’ll also bypass protection.

If you can see the events in your logs, note the IP address and create an access rule that allows that IP to access. Events are here: https://dash.cloudflare.com/?to=/:account/:zone/security/events. Create a rule here: https://dash.cloudflare.com/?to=/:account/:zone/security/waf/custom-rules.

Set up Firewall Rules: Go to the Security → WAF app in your Cloudflare dashboard and create rules to allow that traffic based on IP address.

I don’t much care about the protection for that five-minute period.

You can unproxy for that time and reproxy if you like by editing the DNS record from :orange: to :grey: and back to :orange:. The rule would allow you to always allow that IP to access (you want it to be the first of your custom rules if you go the allowlist rule route).
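
The "note the IP address and create a rule" step from the replies, as an added example that is not from the thread or from Cloudflare: it tallies the source IPs that were blocked or challenged during the registration window in an exported events log and builds an `ip.src in {...}` expression for a custom rule that allows them. The event field names, the sample events and the time window are constructed assumptions.

```python
from collections import Counter
from datetime import datetime
import ipaddress

# Constructed sample events. Field names (ClientIP, Action, Datetime) are an
# assumption about the export format; adjust them to match your own log.
SAMPLE_EVENTS = [
    {"ClientIP": "203.0.113.10", "Action": "block", "Datetime": "2024-05-01T12:00:01Z"},
    {"ClientIP": "203.0.113.10", "Action": "block", "Datetime": "2024-05-01T12:00:02Z"},
    {"ClientIP": "198.51.100.7", "Action": "managed_challenge", "Datetime": "2024-05-01T12:00:03Z"},
    {"ClientIP": "2001:db8::5", "Action": "block", "Datetime": "2024-05-01T12:00:04Z"},
    {"ClientIP": "192.0.2.99", "Action": "block", "Datetime": "2024-05-01T09:15:00Z"},  # outside window
    {"ClientIP": "198.51.100.7", "Action": "allow", "Datetime": "2024-05-01T12:00:05Z"},  # not mitigated
    {"ClientIP": "not-an-ip", "Action": "block", "Datetime": "2024-05-01T12:00:06Z"},  # malformed
]

# Actions that mean the visitor did not get straight through.
MITIGATED = {"block", "challenge", "managed_challenge", "js_challenge"}


def parse_ts(value):
    """Parse an ISO 8601 UTC timestamp such as 2024-05-01T12:00:01Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def mitigated_ips(events, start, end):
    """Count mitigated requests per valid source IP inside [start, end]."""
    counts = Counter()
    for ev in events:
        if ev.get("Action") not in MITIGATED:
            continue
        if not (start <= parse_ts(ev["Datetime"]) <= end):
            continue
        try:
            ip = ipaddress.ip_address(ev["ClientIP"])
        except ValueError:
            continue  # skip malformed addresses rather than emit a bad rule
        counts[str(ip)] += 1
    return counts


def allow_expression(ips):
    """Build a rule expression matching exactly the IPs you have reviewed."""
    if not ips:
        raise ValueError("no IPs to allow")
    parsed = sorted((ipaddress.ip_address(s) for s in ips), key=lambda a: (a.version, a))
    return "(ip.src in {" + " ".join(str(a) for a in parsed) + "})"
```

Review the tallied addresses before pasting the expression into the rule, and keep that rule first among the custom rules as the reply above says.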
