L3/4 DDoS Attack Mitigation
Cloudflare provides protection against L3/4 DDoS attacks through several mitigation systems and rules. The L3/4 DDoS Managed Ruleset contains a subset of these rules, and you can adjust rule behavior according to your requirements.
The Cloudflare L3/4 DDoS Managed Ruleset
The Cloudflare L3/4 DDoS Managed Ruleset is a set of pre-configured rules used to match known DDoS attack vectors at layers 3 and 4 of the OSI model. Cloudflare updates the list of rules in the Managed Ruleset on a regular basis.
The Cloudflare L3/4 DDoS Managed Ruleset is always enabled — you can only customize its behavior.
You may need to adjust the behavior of specific rules in case of false positives or due to specific traffic patterns.
Adjust the behavior of the rules in the Managed Ruleset by modifying the following parameters:
- The action performed when an attack is detected
- The sensitivity of attack detection mechanisms
By default, your specific configurations (or overrides) apply to all packets, since the default rule expression is true. Specify a different rule expression to match a subset of incoming packets for which you want to apply the override. Refer to for more information on the available fields for expressions of L3/4 DDoS Managed Ruleset overrides.
The Cloudflare L3/4 DDoS Managed Ruleset is available in early access to Magic Transit and Spectrum Enterprise customers.