I have this wonderful idea but I’m not sure if it’s a good idea or not.
Suppose I have this page rule in place… .example.com/ Redirecting to… http://nope.example.com
I have an A Name pointing “nope” to the 1.2.3.4 IP address.
If activated, ALL traffic going to the website will be redirected to the null address. In other words, it creates a black hole. Granted, the attackers win because the website goes down, but in my case it would be more prudent to sit it out rather than allowing the attack to continue, as I do not run any essential services. In any case, my interest is not about the logic of blocking any and all traffic versus letting Cloudflare deal with it via proxy. The big question is…
Will this, due to the repeated and failed redirect attempts, increase the traffic load on the botnet?
If that DNS record is proxied, that IP address will never show up and requests will still go to Cloudflare, only Cloudflare won’t be able to forward the request.
In case of an attack, you best make use of the Cloudflare tools to mitigate that attack. Check out firewall rules for example.
Right. So in theory, if I’m right, each client in the botnet will make even more attempts to connect to the target due to the recursive redirect. Surely this would increase the amount of work of the clients. But would it be significant?
That is a lot of speculation and fully depends on their setup. Also, it is assuming they follow that redirect. The easiest thing might be to change your original record’s IP address to that address and then unproxy.
Again, this is not really the right approach and overall a topic better for a general security forum.
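The point raised in the replies above, that any extra load depends on whether the clients follow the redirect, shown as an added example that is not part of the thread. It runs a loopback server that redirects every request and counts what a client with a given redirect limit actually sends. The looping rule, the `/nope` path and the function names are assumptions for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


def make_server():
    """Start a loopback server that answers every GET with a 301 redirect."""
    hits = {"count": 0}

    class RedirectAll(BaseHTTPRequestHandler):
        def do_GET(self):
            hits["count"] += 1
            self.send_response(301)
            # Assumption: the redirect target matches the rule again, so it loops.
            self.send_header("Location", "/nope")
            self.send_header("Content-Length", "0")
            self.end_headers()

        def log_message(self, *args):  # keep the demo quiet
            pass

    server = HTTPServer(("127.0.0.1", 0), RedirectAll)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, hits


def requests_made(max_redirects):
    """Count requests sent by one client that follows up to max_redirects."""
    server, hits = make_server()
    host, port = server.server_address
    path = "/"
    try:
        for _ in range(max_redirects + 1):
            conn = http.client.HTTPConnection(host, port, timeout=5)
            conn.request("GET", path)
            resp = conn.getresponse()
            resp.read()
            conn.close()
            if resp.status not in (301, 302, 307, 308):
                break
            path = resp.getheader("Location")
    finally:
        server.shutdown()
        server.server_close()
    return hits["count"]


if __name__ == "__main__":
    for limit in (0, 5, 20):
        print(f"redirect limit {limit:>2}: {requests_made(limit)} request(s) sent")
```

A client that ignores redirects sends one request per attempt, and one that follows them stops at its own limit, so the extra work per attempt is bounded by the client's configuration and every one of those requests still lands on the redirecting server.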