@kf1, I know you said you already have under attack mode enabled. What is it you’re trying to gain from a paid plan? Is there any more info you can share about the attack that we may be able to help with? Feel free to open a topic in #security about the issue.
One thing that will help massively is looking through the attack traffic and seeing if there are any patterns such as country, ASN, User Agent etc. in the requests and then blocking or captcha challenging them.
If you cannot see a pattern, you can try it the other way around, captcha challenge everyone and then look for patterns in your legitimate traffic and allow that through.
You can do this using firewall rules on the free plan.
Not quite, the WAF is made to prevent vulnerabilities and other attack vectors, however, HTTP/S DDoS attack mitigation isn’t a core feature of it. It MIGHT help under some DDoS attacks but chances are that you won’t get a difference if the 5-second page didn’t help.
Your best bet in this case are firewall/access rules and rate limit.
I really insist because I don’t want you to be disappointed once you get your upgrade, if you need further HTTP DDoS mitigation, what you have on the free plan is what you will have on any paid plan. The main difference is the number of rules you can deploy.
I checked both your ticket and your account, and I do see that you were able to successfully place an order today. If you continue to see an issue, please reply to the ticket so that our team can investigate and give you answers directly.