Few like 1-10, or 100-500?
Are these maybe the crawlers or bots? Did you analyze your web traffic?
Are the naked domain and www DNS records proxied? ( cloud)
Bypassing, does this mean like comming directly to your server IP address?
Make sure to protect your admin / login page, if you have one.
Well, depending on the attack type, if user-agents, crawlers, etc., there are few I would recommend to add to your Firewall Rules
, like the posted here:
If you need to block requests and traffic to proxied DNS records () to all compatible and supported Cloudflare port’s except port 80 and 443, use the below Firewall Rule:
(http.host contains "yourdomain.com" and not cf.edge.server_port in {80 443})
- Source: Can we block a request to hostname:port with Free plan using Firewall or Page rule? - #6 by fritex
If using cPanel or some other, which is working over 2083, etc, the above one is good, while also the other could be combined as well (you could allowlist and allow only your IP if you need to access cPanel interface):
(http.request.uri.path contains "cpanel") or (http.request.uri.path contains "plesk") or (http.request.uri.path contains "whm")
If using WordPress, consider to add something to your Firewall Rules from below links (including wp-login.php and xmlrpc.php):
-
https://www.kazimer.com/how-to-protect-wordpress-with-Cloudflare-firewall-rules/
-
How to Use Cloudflare Firewall Rules to Protect Your WordPress Website - Silva Web Designs
Therefore, some Firewall Tips are published here:
Using the search :
Nevertheless, do not forget and properly setup the Cache for your website which can help leverage the load and tasks your server has to do for each request:
Make sure your site is fully secured (HTTPS) using Full (Strict) SSL:
Furthermore, may I suggest you reading articles from the below:
https://support.cloudflare.com/hc/en-us/articles/115002059131-Understanding-your-site-protection-options
https://support.cloudflare.com/hc/en-us/articles/200170196-Responding-to-DDoS-attacks
https://support.cloudflare.com/hc/en-us/articles/200170166-Best-Practices-DDoS-preventative-measures
https://support.cloudflare.com/hc/en-us/articles/200172676-Understanding-Cloudflare-DDoS-protection