Cloudflare Docs

DDoS Protection

Cloudflare Docs

DDoS Protection

Overview
Get started
About
How DDoS protection works
Main components
Attack coverage
Managed rulesets
HTTP DDoS Attack Protection
Configure in the dashboard
Configure via API
Configure using Terraform
Rule categories
Parameters
Override expressions
Network-layer DDoS Attack Protection
Configure in the dashboard
Configure via API
Configure using Terraform
Rule categories
Parameters
Override expressions
Adaptive DDoS Protection
Adjusting DDoS rules
Handle a false positive
Handle a false negative or an incomplete mitigation
Advanced TCP Protection
Setup
Concepts
How to
Add a prefix
Add an IP or prefix to the allowlist
Create a rule
Create a filter
Exclude a prefix
API configuration
Common API calls
JSON objects
Rule settings
Mitigation reasons
Advanced DNS Protection (beta)
Best practices
Third-party services and DDoS protection
Prevent DDoS attacks
Respond to DDoS attacks
Reference
Analytics
Reports
Alerts
Logs
Simulating test DDoS attacks
Changelog
Network-layer DDoS managed ruleset
Scheduled changes
2024-03-12
2023-07-31
2023-04-17
2022-12-02
2022-10-24
2022-10-06
2022-09-21
2022-09-16
2022-04-12
HTTP DDoS managed ruleset
Scheduled changes
2024-04-04 - Emergency
2024-04-02
2024-02-27
2024-02-26 - Emergency
2024-02-19
2024-02-12
2024-02-08 - Emergency
2024-02-06 - Emergency
2024-02-05 - Emergency
2024-01-26 - Emergency
2024-01-25
2024-01-23
2024-01-05
2023-12-19 - Emergency
2023-12-14 - Emergency
2023-12-08 - Emergency
2023-11-29
2023-11-22
2023-11-13 - Emergency
2023-11-10 - Emergency
2023-10-19
2023-10-11
2023-10-09 - Emergency
2023-09-24 - Emergency
2023-09-21 - Emergency
2023-09-05 - Emergency
2023-08-30 - Emergency
2023-08-29 - Emergency
2023-08-25 - Emergency
2023-08-16 - Emergency
2023-08-14
2023-08-11 - Emergency
2023-07-31
2023-07-17
2023-07-12 - Emergency
2023-07-07
2023-07-06
2023-06-28
2023-06-19
2023-06-16
2023-06-14 - Emergency
2023-06-06
2023-06-05 - Emergency
2023-05-26
2023-05-22
2023-05-16 - Emergency
2023-05-15 - Emergency
2023-05-02 - Emergency
2023-04-27 - Emergency
2023-04-21 - Emergency
2023-04-17
2023-04-03
2023-03-22
2023-03-10
2023-02-28 - Emergency
2023-02-20
2023-01-30
2022-12-07 - Emergency
2022-11-02 - Emergency
2022-10-14
2022-10-06 - Emergency
2022-09-19 - Emergency
2022-09-14
2022-09-13
2022-08-16
2022-08-10
2022-08-02
2022-07-18
2022-07-08
2022-07-06
2022-06-08
2022-06-01
2022-05-12
2022-05-03
2022-04-21
2022-04-12
2022-04-07

Respond to DDoS attacks

Cloudflare’s network automatically mitigates large DDoS attacks, but these attacks can still affect your application.

All customers

All customers should perform the following steps to better secure their application:

Make sure all DDoS managed rulesets are set to default settings (High sensitivity level and mitigation actions) for optimal DDoS activation.
Deploy WAF custom rules and rate limiting rules to enforce a combined positive and negative security model. Reduce the traffic allowed to your website based on your known usage.
Make sure your origin is not exposed to the public Internet, meaning that access is only possible from Cloudflare IP addresses. As an extra security precaution, we recommend contacting your hosting provider and requesting new origin server IPs if they have been targeted directly in the past.
If you have Managed IP Lists or Bot Management, consider using these in WAF custom rules.
Enable caching as much as possible to reduce the strain on your origin servers, and when using Workers, avoid overwhelming your origin server with more subrequests than necessary.

Enterprise customers

In addition to the steps for all customers, Cloudflare Enterprise customers subscribed to the Advanced DDoS Protection service should consider enabling Adaptive DDoS Protection, which mitigates attacks more intelligently based on your unique traffic patterns.