Quint
CDCloudflare Developers
•Created by Quint on 10/21/2023 in #general-help
All websites in cloudflare account getting ratelimited incase of DDOS attack
Hi, I own multiple domains and manage multiple services for relatively small businesses / hobby projects. I recently experienced a skid who thinks he is funny that tried stress testing our websites. It was not necessarily with malicious thoughts in mind but more to inform us if something is not able to withstand an attack, altough he does (jokefully?) threaten to take all of our services offline. The skid tried out multiple attacks and I have noticed a couple of things during them. Depending on the size and nature of the attack it seems like different things happen.
1. If an specific endpoint is targeted on the website that specific endpoint will be unresponsive for all users but the other ones (even the ones on the same (sub)domain will stay alive.
2. Sometimes it looks like a (sub)domain gets rate limited, as our other services will continue to be functional.
3. In the case of larger attacks all requests to all services that are owned by our account seem to go unresponsive.
Have I miss diagnosed anything here? I would find it weird that all of our services are unresponsive in case of an attack on 1 domain even if the services are running on different hosts. In our case we have all of our services set up with a zero access tunnel except for a handful which still use normal proxied dns records to our origin server.
And to be clear, this is already so much better then without cloudflare. Our origin server barely notices any (malicious but in this case also legitimate) connections going trough and no hardware of us is put at stress which is very big improvement from previous attacks we have experienced. I was just wondering if there would be something to do so that even if 1 domain gets attacked, still have preferably all, but at least the other domains functional.
11 replies