Wrongly detected HTTP DDOS attack for real users

Hi all,

I am routing my web via Cloudflare and when I restart server there is like 2-3 minutes downtime. During this time all the user’s clients are trying to reconnect and are doing lot of ajax requests. The problem is, Cloudflare detects them as HTTP DDOS attack and tries to challenge them with Captcha. But this does not work, those ajax request are not html web, so people can’t see the Captcha. They are denied to use my server and they have to wait for up to 60 minutes till Cloudflare detects there is no DDOS and stops blocking them. How to prevent this? I tried to set “Under Attack Mode” to On and off, but it didn’t help. Is there a way how to manually force cloudflare to prevent checking my traffic for DDOS? Or can I somehow solve this with firewall rules? And why does this started to happen last 2 weeks? I am using Cloudflare for years and this was never problem before. Is there any way how to do it? Disabling temporarily routing via Cloudflare is not a solution for me. I can’t afford to reveal real IP of my server to the attackers.

Thanks

Take a look at the Firewall Events Log. Hopefully it shows the blocks, and the rule that’s blocking those.

HI tahnk you for the answer. Yet it shows who and why it is blocking. But how do I prevent it to do so? There is written Http DDOS rule, so it means loudflare decided it is an attack. How can I force cloudflare to stop blocking it?

Open a ticket and see if Support has any suggestions. Let them know the specific rule that’s being triggered.

Login to Cloudflare and then contact Cloudflare Support by clicking on the Get More Help button.

This topic was automatically closed after 30 days. New replies are no longer allowed.