our site on free plan of cloudflare . Is "Im Under Attack Mode " can protect us from every http flood attack ?
So … this feature can mitigate vast flood HTTP attack . correct ?
what is the difference between this feature and flood http attack protection on business or enterprise plan ?
There shouldn’t be any difference, the only difference may be on extremely large attacks. The Enterprise plan will have also different kind of attack protection.
the “flood attack” is called layer 7, the best tool in cloudflare against layer 7 is the “rate limiting” which is cost money but can be activated in all plans.
if you don’t want to enable it your other options is to observe your logs and create smart firewall rules, IP Access Rules, User Agent Blocking, Page Rules and caching rules but they are not “automatic” and they should be created manually to defend against specific attack.
the other problem is to create this rules you need knowledge, and you get it from the server logs, but under attack your server may be down and you don’t have access to your logs, so your other option is to use the worker service and create a worker which collect logs data for you(but it also paid feature), you can use this worker if you need help https://github.com/boynet/cf-logdna-worker
I dont 100% understand cloudflare pricing but it seems that from the business plan you get “Advanced DDoS support”:
Backed by a full SLA, our DDoS experts will keep you online 24/7/365 no matter the size, type, or duration of the attack.
so I believe that from business plan they will write the proper rules to stop the attack for you but talk with them about it they also have a button named “Under Attack?” it could be worth to click it and talk with them