Cloudflare Docs

DDoS Protection

Cloudflare Docs

DDoS Protection

Overview
Get started
About
How DDoS protection works
Main components
Attack coverage
Managed rulesets
HTTP DDoS Attack Protection
Configure in the dashboard
Configure via API
Configure using Terraform
Rule categories
Parameters
Override expressions
Network-layer DDoS Attack Protection
Configure in the dashboard
Configure via API
Configure using Terraform
Rule categories
Parameters
Override expressions
Adaptive DDoS Protection
Adjusting DDoS rules
Handle a false positive
Handle a false negative or an incomplete mitigation
Advanced TCP Protection
Setup
Concepts
How to
Add a prefix
Add an IP or prefix to the allowlist
Create a rule
Create a filter
Exclude a prefix
API configuration
Common API calls
JSON objects
Rule settings
Mitigation reasons
Advanced DNS Protection (beta)
Best practices
Third-party services and DDoS protection
Prevent DDoS attacks
Respond to DDoS attacks
Reference
Analytics
Reports
Alerts
Logs
Simulating test DDoS attacks
Changelog
Network-layer DDoS managed ruleset
Scheduled changes
2024-03-12
2023-07-31
2023-04-17
2022-12-02
2022-10-24
2022-10-06
2022-09-21
2022-09-16
2022-04-12
HTTP DDoS managed ruleset
Scheduled changes
2024-04-19
2024-04-16 - Emergency
2024-04-04 - Emergency
2024-04-02
2024-02-27
2024-02-26 - Emergency
2024-02-19
2024-02-12
2024-02-08 - Emergency
2024-02-06 - Emergency
2024-02-05 - Emergency
2024-01-26 - Emergency
2024-01-25
2024-01-23
2024-01-05
2023-12-19 - Emergency
2023-12-14 - Emergency
2023-12-08 - Emergency
2023-11-29
2023-11-22
2023-11-13 - Emergency
2023-11-10 - Emergency
2023-10-19
2023-10-11
2023-10-09 - Emergency
2023-09-24 - Emergency
2023-09-21 - Emergency
2023-09-05 - Emergency
2023-08-30 - Emergency
2023-08-29 - Emergency
2023-08-25 - Emergency
2023-08-16 - Emergency
2023-08-14
2023-08-11 - Emergency
2023-07-31
2023-07-17
2023-07-12 - Emergency
2023-07-07
2023-07-06
2023-06-28
2023-06-19
2023-06-16
2023-06-14 - Emergency
2023-06-06
2023-06-05 - Emergency
2023-05-26
2023-05-22
2023-05-16 - Emergency
2023-05-15 - Emergency
2023-05-02 - Emergency
2023-04-27 - Emergency
2023-04-21 - Emergency
2023-04-17
2023-04-03
2023-03-22
2023-03-10
2023-02-28 - Emergency
2023-02-20
2023-01-30
2022-12-07 - Emergency
2022-11-02 - Emergency
2022-10-14
2022-10-06 - Emergency
2022-09-19 - Emergency
2022-09-14
2022-09-13
2022-08-16
2022-08-10
2022-08-02
2022-07-18
2022-07-08
2022-07-06
2022-06-08
2022-06-01
2022-05-12
2022-05-03
2022-04-21
2022-04-12
2022-04-07

Rule categories

The main categories (or tags) of Network-layer DDoS Attack Protection managed rules are the following:

Name	Description
`gre`	Rules for DDoS attacks over Generic Routing Encapsulation (GRE) that usually target GRE endpoints.
`esp`	Rules for DDoS attacks related to the Encapsulating Security Payload (ESP) protocol, which is part of the IPsec secure network protocol suite.
`advanced`	Rules related to features available to Enterprise customers, such as Adaptive DDoS Protection.
`generic`	Rules for detecting and mitigating floods of packets. These rules are useful for mitigating attacks that have no known signatures, but they may also trigger on unusually high volumes of legitimate traffic. To reduce the risk of false positives, their packet per second (pps) activation threshold is higher. These rules rate-limit traffic by default, but you can override them to block traffic if necessary.
`read-only`	Highly targeted rules for mitigating DDoS attacks with a high confidence rate. These rules are read-only — you cannot override their sensitivity level or action.
`test`	Rules used for testing the detection, mitigation, and alerting capabilities of Cloudflare’s DDoS protection products.

There are other rule categories based on the attack vector/protocol, such as dns, quic, and sip. The categories list is dynamic and may change over time.