Being DDoSed
I've got a friend to DDoS me, but my site is still going donw.
Security level is on high, all dns are proxied?
Why is thhis?
5 Replies
Are you sure they aren't bypassing your origin? Did you make sure to only allow CF IPs and not leak your origin/rotate if it was exposed before: https://developers.cloudflare.com/fundamentals/basic-tasks/protect-your-origin-server/ ?
Cloudflare Docs
Protect your origin server · Cloudflare Fundamentals docs
Your origin server is a physical or virtual machine that is not owned by Cloudflare and hosts your application content (data, webpages, etc.).
Well I gave him the URL, no IPs have been leaked.
Security level is merely IP Reputation
If you are under attack, you can enable Under Attack Mode to challenge everyone and protect your origin, or craft more specific firewall rules to challenge just the bad traffic
I'll look into that...
https://community.cloudflare.com/t/mitigating-an-http-ddos-attack-manually-with-cloudflare/302366
Cloudflare's automated ddos protection samples a small amount of requests to inspect for ddos attacks. Some systems are 1% of requests, some 0.1%. And you'd need it to sample enough requests to see a pattern/malicious activity, can be quite a lot needed. Depending on how powerful your origin is/how expensive each request is, there's a decent sized window of attacks which are way too small for CF to notice at it's scale (no chance of hurting it) but enough to hurt your origin. If you get a big enough attack, CF will do stuff to protect it's own infrastructure and mitigate, some are just too small for them to detect/care about though.