Default improvements
When your DNS records are proxied through Cloudflare, Cloudflare provides free and unmetered DDoS protection and other protection measures through the Web Application Firewall (WAF).
A distributed denial-of-service (DDoS) attack is where a large number of computers or devices, usually controlled by a single attacker, attempt to access a website or online service all at once. This flood of traffic can overwhelm the website's origin servers, causing the site to slow down or even crash.
sequenceDiagram;
participant User;
participant Website;
participant Server;
participant Botnet;
User->>Website: Requests to access site
Website->>Origin Server: Processes user requests
Botnet->>Origin Server: Sends a flood of traffic
Origin Server-->>Website: Slows down due to traffic overload
Origin Server-->>User: Unable to respond to user requests
For more information about DDoS attacks and Cloudflare DDoS protection, refer to Prevent DDoS attacks.
All customers have access to the Cloudflare Free Managed Ruleset, which provides mitigations against high and wide-impacting vulnerabilities.
For more details, refer to the WAF documentation.