Traffic been misjudged as HTTP DDoS

Hi I have been hosting my application on cloudflare for almost two years. Since 3/4, I noticed there were a huge traffic flow. But the unique user counts from analytics is identical as usual.

After took a look at firewall panel, there are a lot of HTTP DDoS traffic.
But it turns out all traffic are just user posting data which is exactly what it’s supposed to do as usual.

Is there any way to avoid this kind of misjudgment from cloudflare? Thanks a lot.

Hi @previa, thank you & sorry for the issue you observed. The team investigated this issue believe that it is most likely an attack. I will report this via a Support ticket and share the details with you privately.

Hi, I am wondering you guys have any idea why this was happened? I have already fixed it by manually add firewall rules to allow traffic to fix problem. If you have any idea to fix this without manually adding rules to firewall please let me know. Thanks.

Hi @previa, did you receive a copy of the ticket regarding this? Seems it was most likely a legitimate attack and may still be. However, the reply from Support from 7 hours ago indicates the domain has been moved, you’ll need to open a ticket from the account that currently owns the domain, please reference the existing ticket for the engineers to see the existing ticket and please share your new ticket number here as I’d like to track it.

Hi cloonan,

I don’t know how to create a ticket because ticket number 1850801 is not created by me.

Please kindly correct me if I am wrong about this. And those traffic are not ddos i am sure about that.

currently new account also face same problem and this add firewall rules doesn’t work. Do you know any way to bypass the ddos check by cloudflare ? Thank you so much.

Hi Cloonan,

May I have the opportunity to explain why this is not a attack to you ? Those post requests are the user logs

from our customers. Our applications will collect user activities just like google analytics. Due to misjudge of

those traffic, we have lost lots of data…

Very appreciate you help on this. Thank you.

This is how i fix this misjudgement previous by adding rules in firewall to allow all kind of traffic.But after i transfer this domain to another account this is not working anymore.

I am very sure those traffic are not HTTP DoS. Traffic still misjudged as HTTP DoS After I turn off Web Application Firewall from cloudflare and add rules to allow all. post/get traffic. Is there any way to turn off this kind of misjudgement. Thank you.

I created that ticket to share the details. To create a ticket, login & go to https://dash.cloudflare.com/?account=support and select get more help. You’ll need to create it from whatever account currently has the domain active. Reference the above ticket so support connects them. Please give Support a link to this Community post and share the ticket number here. If you receive an automatic response that does not help you, please reply and indicate you need more help.

Hi cloonan,

Thank you for your guide. I have create a ticket in here: https://support.cloudflare.com/hc/zh-cn/requests/1862730.

Appreciate your help. Thanks.

1 Like