Cloudflare Docs

DDoS Protection

Cloudflare Docs

DDoS Protection

Overview
Get started
About
How DDoS protection works
Main components
Attack coverage
Managed rulesets
HTTP DDoS Attack Protection
Configure in the dashboard
Configure via API
Configure using Terraform
Rule categories
Parameters
Override expressions
Network-layer DDoS Attack Protection
Configure in the dashboard
Configure via API
Configure using Terraform
Rule categories
Parameters
Override expressions
Adaptive DDoS Protection
Adjusting DDoS rules
Handle a false positive
Handle a false negative or an incomplete mitigation
Advanced TCP Protection
Setup
Concepts
How to
Add a prefix
Add an IP or prefix to the allowlist
Create a rule
Create a filter
Exclude a prefix
API configuration
Common API calls
JSON objects
Rule settings
Mitigation reasons
Advanced DNS Protection (beta)
Best practices
Third-party services and DDoS protection
Prevent DDoS attacks
Respond to DDoS attacks
Reference
Analytics
Reports
Alerts
Logs
Simulating test DDoS attacks
Changelog
Network-layer DDoS managed ruleset
Scheduled changes
2024-03-12
2023-07-31
2023-04-17
2022-12-02
2022-10-24
2022-10-06
2022-09-21
2022-09-16
2022-04-12
HTTP DDoS managed ruleset
Scheduled changes
2024-04-19
2024-04-16 - Emergency
2024-04-04 - Emergency
2024-04-02
2024-02-27
2024-02-26 - Emergency
2024-02-19
2024-02-12
2024-02-08 - Emergency
2024-02-06 - Emergency
2024-02-05 - Emergency
2024-01-26 - Emergency
2024-01-25
2024-01-23
2024-01-05
2023-12-19 - Emergency
2023-12-14 - Emergency
2023-12-08 - Emergency
2023-11-29
2023-11-22
2023-11-13 - Emergency
2023-11-10 - Emergency
2023-10-19
2023-10-11
2023-10-09 - Emergency
2023-09-24 - Emergency
2023-09-21 - Emergency
2023-09-05 - Emergency
2023-08-30 - Emergency
2023-08-29 - Emergency
2023-08-25 - Emergency
2023-08-16 - Emergency
2023-08-14
2023-08-11 - Emergency
2023-07-31
2023-07-17
2023-07-12 - Emergency
2023-07-07
2023-07-06
2023-06-28
2023-06-19
2023-06-16
2023-06-14 - Emergency
2023-06-06
2023-06-05 - Emergency
2023-05-26
2023-05-22
2023-05-16 - Emergency
2023-05-15 - Emergency
2023-05-02 - Emergency
2023-04-27 - Emergency
2023-04-21 - Emergency
2023-04-17
2023-04-03
2023-03-22
2023-03-10
2023-02-28 - Emergency
2023-02-20
2023-01-30
2022-12-07 - Emergency
2022-11-02 - Emergency
2022-10-14
2022-10-06 - Emergency
2022-09-19 - Emergency
2022-09-14
2022-09-13
2022-08-16
2022-08-10
2022-08-02
2022-07-18
2022-07-08
2022-07-06
2022-06-08
2022-06-01
2022-05-12
2022-05-03
2022-04-21
2022-04-12
2022-04-07

Changelog for managed rulesets

Cloudflare has a regular cadence of releasing updates and new rules to the DDoS managed rulesets. The updates either improve a rule’s accuracy, lower false positives rates, or increase the protection due to a change in the threat landscape.

The release cycle for a new rule within the regular cadence follows this process:

Cloudflare adds a new rule configured with the Log action, and announces the rule in the “Scheduled changes” section of each managed ruleset.
From that point on, if this rule matches any traffic, the matched traffic will be visible in one of the analytics dashboards. If you suspect this might be a false positive, you can lower the sensitivity for that rule. Refer to Handle a false positive for details.
Cloudflare updates the rule action to mitigate traffic (for example, using the Block action) after a period of at least seven days, usually on a Monday. The exact date is shown in the scheduled changes list.

Changes to existing rules follow the same process, except that Cloudflare will create a temporary updated rule (denoted as BETA in rule description) before updating the original rule on the next release cycle.

Cloudflare is very proactive in responding to new attack vectors, which may need to be released outside of the 7-day cycle, defined as an Emergency Release. This emergency release is only used to respond to new high priority threats with a low false positive probability.