Struggling to Protect My Website from DDoS Attacks
Lately, my website has been under constant DDoS attacks, and I’m struggling to find an effective solution. Here’s what I’ve tried so far:
1. Allowed only Cloudflare IPs (https://gist.github.com/Manouchehri/cdd4e56db6596e7c3c5a).
2. Enabled WAF rules, including rate limiting and DDoS Layer 7 protection.
Despite these measures, the attacks persist. I’ve heard about Cloudflare Zero Trust Tunnel but am unsure if it will help in my case.
Server Setup:
OS: Debian
Web Server: Apache2
Are the rules effective if I’m not using Cloudflare Zero Trust Tunnel but do allow only Cloudflare IPs? Is there something I’m missing, or are there better approaches to mitigate these attacks? Any advice or guidance would be greatly appreciated.
2 Replies
?ddos
If you are under a DDoS attack then you can take a look at these threads for first steps and help with mitigation:
- https://community.cloudflare.com/t/under-ddos-attack-first-steps/89476
- https://community.cloudflare.com/t/mitigating-an-http-ddos-attack-manually-with-cloudflare/302366