Can Cloudflare protect me against DDoS attacks?

A DDoS attack (Distributed Denial of Service) is an attack that seeks to make an online service unavailable to it's end users. It can do this by using multiple machines to force a site to consume more resources than it has available to it, therefore leading to user requests being denied. These resources can be anything from CPU cycles to consuming all the bandwidth available to a site. In some instances these attacks are launched to extort money out of a site administrator.

Cloudflare's network is built to mitigate large DDOS attacks and can help mitigate and protect against many DDoS attacks. Cloudflare has a track record of defeating DDOS attacks, including attacks above 500Gpbs. If you are having issues with DDoS attacks, here are some quick tips that can help mitigate an attack:

1. Enable Cloudflare's "I'm Under Attack Mode" in your Security Settings. All CloudFlare Plans have unmetered mitigation DDoS Protection, without fear of being dropped.

2. If you don't want to enable "I'm Under Attack Mode", because some visitors with JavaScript and Cookies disabled won't be able to access the site, then you can change your Basic Security Level in your Cloudflare settings to High. A 'High' security settings will challenge more visitors coming to your site, and will thwart many visits from a botnet from even hitting your server.

3. If you know which countries are sending most of the bot traffic to your site, you can block them in your Cloudflare Threat Control panel. A block will challenge all visitors from that country, which means only visitors that pass the captcha can enter your site. You also have the option of blocking by individual IP, IP ranges or ASNs in your Threat Control panel, if desired.

For more detailed steps, please follow the instructions in the tutorial: I am under DDoS attack, what do I do?


Not finding what you need?

95% of questions can be answered using the search tool. This is the quickest way to get a response.

Powered by Zendesk