Understanding Cloudflare DDoS protection

Learn how Cloudflare protects against DDoS attacks and how to identify if your website is under attack.


Distributed Denial of Service attack (DDoS) seeks to make an online service unavailable to its end users.  For all plan types, Cloudflare provides unmetered mitigation of DDoS attacks including DNS attacks, and network Layer 3, 4, and 7 attacks. Cloudflare does not bill by attack size and does not have a cap on attack size, type, or duration.

Cloudflare's network is built to automatically monitor and mitigate large DDoS attacks. Caching your content at Cloudflare also protects your website against small DDoS attacks, but uncached assets require additional manual response to DDoS attack.

Learn more about Famous DDoS Attacks and DDoS at the Cloudflare Learning Center. You can also review DDoS case studies in the related resources section at the end of this article.

Determine if you are under DDoS attack

Common signs that you are under DDoS attack include:

  • Your site is offline or slow to respond to requests.
  • There are unexpected spikes in the graph of Requests Through Cloudflare or Bandwidth in your Cloudflare Analytics app.
  • There are strange requests in your origin web server logs that don’t match normal visitor behavior.

If you are currently under DDoS attack, refer to our guide on responding to a DDoS attack

Is Cloudflare attacking me?

There are two common scenarios where Cloudflare is falsely perceived to attack your site:

Ideally, because Cloudflare is a reverse proxy, your hosting provider observes attack traffic connecting from Cloudflare IP addresses. In contrast, if you see connections from IP addresses that do not belong to Cloudflare, the attack is direct to your origin web server. Cloudflare cannot stop attacks directly to your origin IP address because the traffic bypasses Cloudflare’s network.

If an attacker is directly targeting your origin web server, request your hosting provider change your origin IPs and update the IP information in your Cloudflare DNS app. Confirm all possible DNS records are orange-clouded and that your name servers still point to Cloudflare (unless using a CNAME setup) before changing your origin IP.

Related resources

Case Studies:

Not finding what you need?

95% of questions can be answered using the search tool. This is the quickest way to get a response.