Configure notifications to receive real-time alerts (within ~1 minute) about L3/4 and L7 DDoS attacks on your Internet properties, depending on your plan and services. You can choose from different delivery methods.
Each notification email includes the following information:
- Detection and mitigation time of attack
- Attack type
- Maximum rate of attack
- Attack target
Notifications for HTTP DDoS alerts delivered through webhook or PagerDuty will also include the target hostname.
You will not receive duplicate DDoS alerts within the same one-hour time frame.
Set up a notification for DDoS alerts
To set up a notification:
Under Notifications, click Add.
- HTTP DDoS Attack Alerter
- Layer 4 Attack Alerter
Enter a notification name and (optionally) a description.
Edit an existing notification
Cloudflare can issue notifications for two kinds of DDoS alerts:
- HTTP DDoS attack: For HTTP attacks with a duration over two minutes that generate more than 2,000 requests per second.
- L3/L4 (network/transport layer) DDoS attack: For Layer 3/4 attacks with a duration over two minutes that generate more than 20,000 packets per second.
The available notifications depend on your Cloudflare plan and services:
|Notification type||WAF/CDN||Spectrum||Spectrum BYOIP||Magic Transit|
|HTTP DDoS attack||Yes||–||–||–|
|Layer 3/4 DDoS attack||–||Yes*||Yes||Yes|
* Only available on an Enterprise plan.
The following image shows an example notification delivered via email:
To investigate a possibly ongoing attack, click View Dashboard.
Events listed under with the
Connection Close mitigation action are not covered by DDoS alerts. Cloudflare only sends notifications when the mitigation action is one of the following: