Over the past two weeks we’ve seen an odd attack that Cloudflare is passing to us. We normally deal with 6.5 Million requests per day via Cloudflare but somehow someone is throwing 20 Million at us in an incredibly short time choking our Nginx temporarily. Whatever this is does not seem to be a bandwidth based attack its just pulling data at a rapid rate.
We’ve checked the CF WAF and there does not seem to be anymore we can do with that to help.
CF Rate limiting is not really cost effective (for us) with the amount of requests we have as for 201m / into 10k blocks x 0.05 would be $1,000 p/m for an annoying blip now and then.
Before we spend the time jerryriging the I’m under attack API to something to detect this does anyone have any idea what the heck this is?
thanks in advance