Site got attacked, 2 IPs ate all our bandwidth. How do we stop this via Cloudflare

Hello all, I am having a drastic issue with my website.

It seems one or two IPs last night just ate all of our bandwidth despite us using Cloudflare, and I still don’t know how. I believe it was a targeted attack, and I want to prevent it in the future.

How would I go about doing this in Cloudflare?

For reference, here are some attached analytics of what occurred yesterday:

Create a WAF Custom Rule matching the IPs you think are attacking your website.

That could work for one IP, but I fear this could happen again. Is there no way to detect this pattern of high usage and then block the IP automatically?

Check the documentation for Rate Limiting:

I tried to use that, but it’s excessively limited. I set it so 30 requests in 10 seconds from a URL that was not /boogers (random silly url to cover the whole website in a not expression, idk why URL is necessary to specify) locked out the user, but that started to lock normal users out too for normal traffic. I don’t understand why.

You need to have an idea of how many requests occur per page. With enough elements, you could pass that limit with one page view. You probably need a higher limit.

Further to what has mentioned, I’d say you need to familiarize yourself with the many possibilities of Cloudflare WAF, as well as with the pattern of the suspected attack (user agent, IP addresses, query strings, and so on). While Rate Limiting can prevent spikes, there’s no magic bullet, and no matter what level you set it to, it may block/challenge legitimate requests. It’s your website. Get to know it well. Cloudflare offers you a toolbox. Get to know it well.
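One way to act on the advice above about knowing how many requests a single page view generates before picking a rate-limit threshold, as an added example that is not part of the original thread. It measures each IP's peak request count per 10-second window from origin access logs; the common access-log format, the sample IPs and the request counts are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')  # client IP, timestamp
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"                          # access-log time format

def peak_per_ip(lines, window=10):
    """Return {ip: max requests seen in any `window`-second sliding window}."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peaks = defaultdict(int)
    for line in lines:            # lines are assumed to be in time order
        m = LINE_RE.match(line)
        if not m:
            continue              # skip anything that is not an access-log entry
        ip, ts = m.group(1), datetime.strptime(m.group(2), TS_FMT)
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() >= window:
            q.popleft()           # drop requests older than the window
        peaks[ip] = max(peaks[ip], len(q))
    return dict(peaks)

def would_block(peaks, limit):
    """IPs whose peak exceeds `limit` requests per window."""
    return sorted(ip for ip, n in peaks.items() if n > limit)

def sample_log():
    """Constructed sample: one ordinary page view and one heavy client."""
    t0 = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    rows = []
    # Ordinary visitor: 1 HTML document plus 44 assets within about 3 seconds.
    for i in range(45):
        rows.append((t0 + timedelta(milliseconds=60 * i), "198.51.100.7", f"/asset{i}"))
    # Heavy client: 400 requests spread over 10 seconds.
    for i in range(400):
        rows.append((t0 + timedelta(milliseconds=25 * i), "203.0.113.9", "/"))
    rows.sort()
    return [f'{ip} - - [{ts.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 512'
            for ts, ip, path in rows]

if __name__ == "__main__":
    peaks = peak_per_ip(sample_log())
    print("peak requests per 10 s:", peaks)
    print("blocked at limit 30: ", would_block(peaks, 30))   # catches the visitor too
    print("blocked at limit 100:", would_block(peaks, 100))  # only the heavy client
```

Run against real logs from a normal day, the highest legitimate peak gives the floor for the threshold; a limit set below it will lock out ordinary visitors.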


