1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Cloudflare as anti-ddos...

Discussion in 'Server Configuration and Hosting' started by Kainzo, Aug 13, 2012.

  1. Kainzo

    Kainzo Active Member

    It seems that if I have cloudflare enabled it changes all ip's incoming from all users to the cloudflare ip.

    Is there a way around this at all? It seems like it may be best used as an anti-ddos switch rather than a permanent solution.

    I saw the CDN tutorial but it didn't really have what I wanted because I'd greatly prefer this to be a permanent thing.
  2. Will

    Will Active Member

  3. Kainzo

    Kainzo Active Member

    Wow - such a fast response! Let me try that, thank you!
  4. Kainzo

    Kainzo Active Member

    It seems like it couldn't be that easy.. I've done that - now lets see if it works
  5. Kent

    Kent Active Member

    You should enable it at the webserver level if possible, and disable access to the site from any IP but a CloudFlare IP, otherwise someone could fake their IP from that script.
  6. Floren

    Floren Well-Known Member

    Just some notes, I had a "real" DDoS attack on one of my client servers and CloudFlare did jack. Kiddie scripts don't count. The only way I was able to stop the attack was with NetDefender, which costs an arm...
    M@rc likes this.
  7. whyweprotest

    whyweprotest Well-Known Member

    Used to get ddos several times a week, including attacks of more than 3m p/s. Since switching to cloudflare we haven't had any ddos related down time at all. Are you talking about an application level denial of service? If so, look into the business account at 200/mo.
  8. Floren

    Floren Well-Known Member

    The attacks I was dealing with were scored in NetDefender at 10GB/sec. Somehow they resolved the Cloudflare IP's don't ask me how as in iptables I only had their IP's allowed. Obviously they are pro's and it was over my knowledge. So I let it be handled by NetDefender.
  9. whyweprotest

    whyweprotest Well-Known Member

    Someone must have really had it in for that site then, 10Gb/s is close to 10m p/s. Bit puzzled since if it were layer 7 that's massive. To my knowledge CF free and pro accounts while not advertised as mitigation service can sustain quite the udp/tcp/syn slamming.
  10. Kainzo

    Kainzo Active Member

    We had an attack of 10Gbps on our website. We thwarted it with a black lotus and now maintaining it with cloudflare

Share This Page