Create a rule
To create a SYN flood rule or an out-of-state TCP rule:
-
Log in to the Cloudflare dashboard ↗ and select your account.
-
Go to L3/4 DDoS > Advanced Protection > Advanced TCP Protection.
-
Depending on the rule you are creating, do one of the following:
- Under SYN Flood Protection, select Create SYN flood rule.
- Under Out-of-state TCP Protection, select Create out-of-state TCP rule.
-
In Mode, select a mode for the rule.
-
Under Set scope, select a scope for the rule. If you choose to apply the rule to a subset of incoming packets, select a region or a data center.
-
Under Sensitivity, define the burst sensitivity and rate sensitivity of the rule (by default, Medium). The sensitivity levels are based on the initially configured thresholds for your specific case.
-
Select Deploy.
-
Contact your account team to enable Advanced DNS Protection and make the initial configuration. The initial thresholds are based on your network’s individual behavior.
-
Log in to the Cloudflare dashboard ↗ and select your account.
-
Go to L3/4 DDoS > Advanced Protection > General settings.
-
Add the prefixes you wish to onboard. Advanced DNS Protection will only be applied to the prefixes you onboard. If you already onboarded the desired prefixes when you configured Advanced TCP Protection, you do not need to take any other action.
-
Go to Advanced DNS Protection.
-
Select Create Advanced DNS Protection rule.
-
In Mode, select a mode for the rule.
-
Under Set scope, select a scope to determine the range of packets that will be affected by the rule.
-
Under Sensitivity, define the burst sensitivity, rate sensitivity, and profile sensitivity to determine when to initiate mitigation.
-
Select Deploy.