Default improvements
When your DNS records are proxied through Cloudflare, Cloudflare provides free and unmetered DDoS protection and other protection measures through the Web Application Firewall (WAF).
A distributed denial-of-service (DDoS) attack is where a large number of computers or devices, usually controlled by a single attacker, attempt to access a website or online service all at once. This flood of traffic can overwhelm the website's origin servers, causing the site to slow down or even crash.
sequenceDiagram; participant User; participant Website; participant Server; participant Botnet; User->>Website: Requests to access site Website->>Origin Server: Processes user requests Botnet->>Origin Server: Sends a flood of traffic Origin Server-->>Website: Slows down due to traffic overload Origin Server-->>User: Unable to respond to user requests
For more information about DDoS attacks and Cloudflare DDoS protection, refer to Prevent DDoS attacks.
All customers have access to the Cloudflare Free Managed Ruleset, which provides mitigations against high and wide-impacting vulnerabilities.
For more details, refer to the WAF documentation.