To have DDoS Alerts triggered below <2k rps

According to the Cloudflare Support KB:

https://support.cloudflare.com/hc/en-us/articles/360053216191-Understanding-Cloudflare-DDoS-alerts

Cloudflare issues DDoS alerts for

  • HTTP attacks for a duration over 2 minutes that generate more than 2,000 requests per second
  • L3/L4 attacks for a duration over 2 minutes that generate more than 20,000 packets per second

Are there any plans to reduce the threshold so that we can also receive an alert if there’s a DDoS attack that generates more than 500 requests per second for example?

Recently one of our websites got hit by a HTTP DDoS attack, although Cloudflare mitigated it but we did not receive any DDoS alerts because the attack was about 900 rps.

Hopefully this is something Cloudflare can consider implementing.

I was shocked when I saw that limit. It’s weird that Cloudflare detects and mitigates attacks of any threshold but doesn’t send you alerts unless they have that volume of traffic.

We faced similar attacks, and the website behind CF wasn’t available, but nobody in our team took any action because we didn’t receive any alert.
We had to set up a third-party monitor that creates alerts on pagerduty. Our customers’ websites might become unavailable due to external factors to attacks, and we would still be notified, but it’s the best alternative I found.

I hope that this gets some attention because it’s likely an issue for more people but is ignored because it’s odd to be affected by it.

3 Likes

3 posts were split to a new topic.