I have the Pro Plan for Cloudflare running, yet every other week we get a day or two at peak times where we get hit by DDOS attacks on our magento ecommerce site.
Usually these IPs are from Europe (Germany), though last week we had proxy IPs from the USA and IPs from the Philipines. Usually these attacks are enough to slow down our sales by half or take down our sites for 10-30 seconds at a time.
The number of attacks we’ve been having as definitely gone down since we implemented Cloudflare 3-4 months ago, but some are still getting through. Currently we’re manually blacklisting Ips via httaccess to block these IPs, but this requires us to be vigiliant in checking for attacks manually. Is there anything we can do? A setting somewhere in cloudflare? Would upgrading to the business plan help?
Here’s an example from last week - usually we have about 100 to 200 user sessions at a time, but this attack caused these to go to 600+ https://imgur.com/a/wARj7Tw