The attack is coming and cloudflare does not block it. Help me

Hello,
My service has been under intense attack for the last week. In particular, it started around 19:00 yesterday and continued into the night hours until we lost 3 customers. As soon as they start attacking, my OVH server crashes. Access to all sites on the server is interrupted. Cloudflare almost doesn’t block it.
There were 2 billion queries. This is not normal and how can this not be detected? There are parts it blocks, but most of it passes.

What I did on the Cloudflare side;
Under attack mode has been activated on all sites.
Bot Fight Mode has been activated on all sites.
DDoS in the Security tab has been activated.
Rate limiting rules have been activated to block 500 requests in 10 seconds.
In WAF, Threat Scores above 3 were blocked, and those with Threat Scores greater than or equal to 0 were made JS Challenge.

The attacks come from very different ropes and different rope blocks, so I cannot restrict the rope.
Since the sites that were attacked are sites that also have a foreign audience, I cannot completely block them from abroad.

Sometimes, even while entering the site, I receive a warning that you have been blocked, but somehow, while millions of requests are coming in, they can access the site without being blocked and consume the server resources.

I really don’t know what I should do anymore. I started losing customers. I need help.

Make sure your site’s domain and subdomains are actually proxied so all traffic passes through Cloudflare.

Check if any requests are going direct to your origin server, bypassing Cloudflare. (If you have a mail server on the same IP address, this may be giving away your origin IP address).

Under attack mode will challenge every request going through Cloudflare so should the bots. Then follow the advice here to tune the WAF for your attack…

2 Likes

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.