Still getting DDOS'ed?

I have the Pro Plan for Cloudflare running, yet every other week we get a day or two at peak times where we get hit by DDoS attacks on our Magento ecommerce site.

Usually these IPs are from Europe (Germany), though last week we had proxy IPs from the USA and IPs from the Philippines. Usually these attacks are enough to slow down our sales by half or take down our sites for 10-30 seconds at a time.

The number of attacks we’ve been having has definitely gone down since we implemented Cloudflare 3-4 months ago, but some are still getting through. Currently we’re manually blacklisting IPs via .htaccess to block these IPs, but this requires us to be vigilant in checking for attacks manually. Is there anything we can do? A setting somewhere in Cloudflare? Would upgrading to the Business plan help?

Here’s an example from last week - usually we have about 100 to 200 user sessions at a time, but this attack caused these to go to 600+ https://imgur.com/a/wARj7Tw

Hi,

Instead of blocking individual IPs, you may want to try challenging (Captcha) all countries that are not relevant to your business, with an exclusion for some “good bots”, such as Google and Facebook.

If your business for instance has customers in the US and Canada only, you could try creating a Firewall Rule:

And of course if you prefer you can block or challenge the IPs/ASNs individually, using Firewall > Tools > IP Access Rules. This would mean the requests are stopped by Cloudflare as opposed to by your server’s .htaccess.

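As an added illustration of the geo-challenge rule described in the reply above (not part of the original post), this is what the Firewall Rule could look like in Cloudflare's rule expression language; it assumes the four countries the shop sells to are US, GB, CA and AU, and uses the `cf.client.bot` field to exempt Cloudflare's list of known good bots such as the Google and Facebook crawlers:

```text
Rule name:  Challenge visitors outside sales regions
Action:     Challenge (Captcha)
Expression:
(not ip.geoip.country in {"US" "GB" "CA" "AU"}) and (not cf.client.bot)
```

Legitimate visitors from other countries still get through once they pass the challenge, whereas the IP Access Rules approach from the reply blocks a given IP or ASN outright, so a country challenge is the lower-risk first step for a store that occasionally has real customers elsewhere.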

Hi, thanks for the helpful reply.

The majority of our business is in the USA, UK, Canada and Australia, so will try enabling captcha for other countries. Though we did get hit by an attack last week with USA IPs but that was the first time it was from one of the four aforementioned countries.

Would you think the web application firewall feature in the business plan would be of help? Not exactly sure what it does, but at a $20 vs $200 price point for the business plan vs the pro, it must be of use?

Kind regards