Cloudflare Docs

DDoS Protection

Cloudflare Docs

DDoS Protection

Overview
Get started
About
How DDoS protection works
Main components
Attack coverage
Managed rulesets
HTTP DDoS Attack Protection
Configure in the dashboard
Configure via API
Configure using Terraform
Rule categories
Parameters
Override expressions
Network-layer DDoS Attack Protection
Configure in the dashboard
Configure via API
Configure using Terraform
Rule categories
Parameters
Override expressions
Adaptive DDoS Protection
Adjusting DDoS rules
Handle a false positive
Handle a false negative or an incomplete mitigation
Advanced TCP Protection
Setup
Concepts
How to
Add a prefix
Add an IP or prefix to the allowlist
Create a rule
Create a filter
Exclude a prefix
API configuration
Common API calls
JSON objects
Rule settings
Mitigation reasons
Advanced DNS Protection (beta)
Best practices
Third-party services and DDoS protection
Prevent DDoS attacks
Respond to DDoS attacks
Reference
Analytics
Reports
Alerts
Logs
Simulating test DDoS attacks
Changelog
Network-layer DDoS managed ruleset
Scheduled changes
2024-03-12
2023-07-31
2023-04-17
2022-12-02
2022-10-24
2022-10-06
2022-09-21
2022-09-16
2022-04-12
HTTP DDoS managed ruleset
Scheduled changes
2024-04-19
2024-04-16 - Emergency
2024-04-04 - Emergency
2024-04-02
2024-02-27
2024-02-26 - Emergency
2024-02-19
2024-02-12
2024-02-08 - Emergency
2024-02-06 - Emergency
2024-02-05 - Emergency
2024-01-26 - Emergency
2024-01-25
2024-01-23
2024-01-05
2023-12-19 - Emergency
2023-12-14 - Emergency
2023-12-08 - Emergency
2023-11-29
2023-11-22
2023-11-13 - Emergency
2023-11-10 - Emergency
2023-10-19
2023-10-11
2023-10-09 - Emergency
2023-09-24 - Emergency
2023-09-21 - Emergency
2023-09-05 - Emergency
2023-08-30 - Emergency
2023-08-29 - Emergency
2023-08-25 - Emergency
2023-08-16 - Emergency
2023-08-14
2023-08-11 - Emergency
2023-07-31
2023-07-17
2023-07-12 - Emergency
2023-07-07
2023-07-06
2023-06-28
2023-06-19
2023-06-16
2023-06-14 - Emergency
2023-06-06
2023-06-05 - Emergency
2023-05-26
2023-05-22
2023-05-16 - Emergency
2023-05-15 - Emergency
2023-05-02 - Emergency
2023-04-27 - Emergency
2023-04-21 - Emergency
2023-04-17
2023-04-03
2023-03-22
2023-03-10
2023-02-28 - Emergency
2023-02-20
2023-01-30
2022-12-07 - Emergency
2022-11-02 - Emergency
2022-10-14
2022-10-06 - Emergency
2022-09-19 - Emergency
2022-09-14
2022-09-13
2022-08-16
2022-08-10
2022-08-02
2022-07-18
2022-07-08
2022-07-06
2022-06-08
2022-06-01
2022-05-12
2022-05-03
2022-04-21
2022-04-12
2022-04-07

DDoS analytics

You can view DDoS analytics in different dashboards, depending on your service and plan:

The Security Events dashboard provides you with visibility into L7 security events that target your zone, including HTTP DDoS attacks and TCP attacks. The dashboard displays mitigations of HTTP DDoS attacks as HTTP DDoS events. These events are also available via Cloudflare Logs.
The Network Analytics dashboard provides you with visibility into L3/4 traffic and DDoS attacks that target your IP ranges or Spectrum applications.

Availability

Service	Free	Pro	Business	Enterprise
WAF/CDN	Activity log only	Security Events	Security Events	Security Events
Spectrum	–	–	–	Network Analytics
Magic Transit	–	–	–	Network Analytics

Remarks

In some situations, the analytics dashboards will not show you the ID of the DDoS managed rule that handled a packet/request. This means that an internal DDoS rule, which Cloudflare does not currently expose publicly, applied an action to the packet/request. These internal DDoS rules have a very low false positive rate and should always be enabled to protect your properties against DDoS attacks. For the same reason, DDoS rule IDs may also be unavailable in Cloudflare logs and API responses.