The CF cookies are not one-time use only

According to the IIS logs, the _cf cookies are used several times to bypass the JS and captcha challenge. Is there any way that I could prevent this kind of attack in Cloudflare?!

What exactly does this mean? How did you establish, based on your logs, that the cookies were reused?

The Cloudflare DDoS protection cannot recognize the DDoS traffic, so I force everyone through a captcha challenge using firewall rules, but now the attacker can bypass the captcha challenge, the traffic goes to IIS and we get a 503 error. I checked the IIS logs and saw requests come with the _CF cookies, so they use these cookies to bypass the Cloudflare firewall. Now I need help to know how I can prevent this.
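The check described in this post, confirming from the IIS logs that one challenge-clearance cookie is being replayed, can be scripted. The following is an added example, not code from the thread or from Cloudflare. It assumes the cookie in question is `cf_clearance` (the name Cloudflare gives its challenge clearance cookie; the thread only says "_cf cookies"), that the `cs(Cookie)` field is enabled in IIS W3C logging, and that the `c-ip` column already holds the real client address rather than the Cloudflare edge address (on an IIS host behind Cloudflare that means restoring it from the `CF-Connecting-IP` header). The log excerpt is constructed.

```python
"""Flag Cloudflare challenge-clearance cookies that appear from many client IPs.

Assumptions (not from the thread): cookie name cf_clearance, cs(Cookie) logged,
c-ip holding the true client address. SAMPLE_LOG is constructed sample data.
"""
import re
from collections import Counter, defaultdict

# Constructed IIS W3C log excerpt. IIS writes a #Fields: directive naming the
# columns and encodes spaces inside cookie values as '+'.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status cs(Cookie)
2024-01-01 10:00:00 203.0.113.10 GET /index.aspx 200 cf_clearance=AAA111;+other=1
2024-01-01 10:00:01 203.0.113.11 GET /index.aspx 200 cf_clearance=AAA111
2024-01-01 10:00:01 203.0.113.12 GET /index.aspx 503 cf_clearance=AAA111
2024-01-01 10:00:02 198.51.100.5 GET /login.aspx 200 cf_clearance=BBB222
2024-01-01 10:00:03 198.51.100.5 GET /login.aspx 200 cf_clearance=BBB222
2024-01-01 10:00:04 192.0.2.7 GET /index.aspx 200 -
"""

# cf_clearance may be the first cookie or follow ';' (IIS renders '; ' as ';+').
CLEARANCE_RE = re.compile(r"(?:^|;\+?)cf_clearance=([^;]+)")


def parse_w3c(text):
    """Parse W3C extended log text into a list of {field: value} dicts."""
    fields = None
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names follow the directive
            continue
        if line.startswith("#"):
            continue  # other directives (#Software, #Date, ...) carry no data
        if fields is None:
            raise ValueError("data line seen before a #Fields: directive")
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # skip malformed or truncated lines
        records.append(dict(zip(fields, values)))
    return records


def clearance_token(cookie_field):
    """Return the cf_clearance value from a cs(Cookie) column, or None."""
    if cookie_field in ("-", ""):
        return None  # IIS logs '-' when the request carried no cookies
    match = CLEARANCE_RE.search(cookie_field)
    return match.group(1) if match else None


def requests_by_token(records):
    """Count requests per clearance token."""
    counts = Counter()
    for rec in records:
        token = clearance_token(rec.get("cs(Cookie)", "-"))
        if token:
            counts[token] += 1
    return dict(counts)


def find_reused_tokens(records, min_ips=2):
    """Return {token: set_of_client_ips} for tokens seen from >= min_ips addresses.

    A clearance cookie is issued to one browser; the same token arriving from
    several addresses is the reuse the thread describes.
    """
    ips_by_token = defaultdict(set)
    for rec in records:
        token = clearance_token(rec.get("cs(Cookie)", "-"))
        if token:
            ips_by_token[token].add(rec["c-ip"])
    return {tok: ips for tok, ips in ips_by_token.items() if len(ips) >= min_ips}


if __name__ == "__main__":
    recs = parse_w3c(SAMPLE_LOG)
    counts = requests_by_token(recs)
    for token, ips in find_reused_tokens(recs).items():
        print(f"{token}: {counts[token]} requests from {len(ips)} IPs: {sorted(ips)}")
```

Run it over a real log by replacing `SAMPLE_LOG` with the file contents. A token that shows up from many distinct addresses (or an abnormal request count inside one Challenge Passage window) is the evidence to attach to a support ticket, and the distribution tells you how far the Challenge Passage window needs to come down.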

Are you saying you are still getting attacked, even though you are imposing a captcha challenge on every connection?

Assuming that you are referring to Cloudflare cookies, I presume you are receiving them on those requests and, hence, ruled out that the requests bypass Cloudflare and connect directly to your server.

What's your domain?

“Are you saying you are still getting attacked, even though you are imposing a captcha challenge on every connection?”
Yes

What's your domain?
I preferred not to mention that here.

Do you know how I can solve this?

In that case I can only suggest to open a support ticket.

Also, is that correct?

Also, also, how many requests are we talking about? If they manage to pass the captcha they can send as many requests as they like within the challenge passage window. You could try to shorten that window.

Also, is that correct? Yes

In that case I can only suggest to open a support ticket, I already did about 12hr ago.

how many requests are we talking about? It's enough to bring down IIS, more than 65K concurrent.

You could try to shorten that window: how can I do that?!

What's the ticket number?

In numbers? A minute.

By adjusting the “Challenge Passage”.

What's the ticket number?
Request #1756474

By adjusting the “Challenge Passage”.
Where can I find this?
