0

I’ve experiencing DDoS attack today and I’ve configured Cloudflare rate limiter, also activated WAF. Cloudflare blocked several hundred thousands request. Unfortunately, my server still experiencing pretty high flood request. I don’t know why it passed Cloudflare, even if I’ve setup rate limiter.

At last I forced to disable Cloudflare proxy and let AWS Web ACL handle it. Did I miss something here? Please help. I really want to use Cloudflare since AWS Web ACL pricing just not suite well with my current financial (small startup).

Putra
  • 1
  • 1
  • 1
    Does this answer your question? [I am under DDoS. What can I do?](https://serverfault.com/questions/531941/i-am-under-ddos-what-can-i-do) – Gerald Schneider Jan 17 '22 at 10:17
  • What is an "AWS Web ACL" - which service are you referring to? AWS WAF? AWS NACL? Dealing with these things in layers may help. Do you have your server security groups set up so only CloudFlare IPs can reach the server? If you haven't done that anyone can hit your server directly rather than via CloudFlare https://www.cloudflare.com/ips/ – Tim Jan 17 '22 at 16:59

0 Answers0