Cloudflare Docs
DDoS Protection
Edit this page on GitHub
Set theme to dark (⇧+D)

Create a rule

To create a SYN flood rule or an out-of-state TCP rule:

  1. Log in to the Cloudflare dashboard and select your account.

  2. Go to Account Home > L3/4 DDoS > Advanced TCP Protection.

  3. Depending on the rule you are creating, do one of the following:

    • Under SYN Flood Protection, select Create SYN flood rule.
    • Under Out-of-state TCP Protection, select Create out-of-state TCP rule.
  4. In Mode, select a mode for the rule.

  5. Under Set scope, select a scope for the rule. If you choose to apply the rule to a subset of incoming packets, select a region or a data center.

  6. Under Sensitivity, define the burst sensitivity and rate sensitivity of the rule (by default, Medium). The sensitivity levels are based on the initially configured thresholds for your specific case.

  7. Select Deploy.