Questions regarding Cloudflare L7 DDOS ruleset

I have a few questions on Cloudflare’s L7 DDOS ruleset:

  1. How do I confirm if the feature is working as intended? I have the ruleset action to “managed challenge” and the “ruleset sensitivity” to default, however, making a request for the test rule “will quickly block URI containing 'blockme=…” gets me a response from the origin server.

  2. Do the requests blocked/challenged by this feature appear under “Firewall Events” in the Cloudflare console?

When DDoS managed rules kick in, you usually receive a DDoS Alert (if the attack threshold surpasses 2k rps for over 2 minutes).
If the attack is smaller than that, but the DDoS managed rules kicked in, you would see an alert on your dashboard.

As their name says, the managed rules are managed, so you don’t need to confirm whether they are working; if you can see them, they are enabled.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.