Cloudflare as anti-ddos...

Kainzo

Active member
It seems that if I have cloudflare enabled it changes all ip's incoming from all users to the cloudflare ip.

Is there a way around this at all? It seems like it may be best used as an anti-ddos switch rather than a permanent solution.

I saw the CDN tutorial but it didn't really have what I wanted because I'd greatly prefer this to be a permanent thing.
 
You should enable it at the webserver level if possible, and disable access to the site from any IP but a CloudFlare IP, otherwise someone could fake their IP from that script.
 
Just some notes, I had a "real" DDoS attack on one of my client servers and CloudFlare did jack. Kiddie scripts don't count. The only way I was able to stop the attack was with NetDefender, which costs an arm...
 
Just some notes, I had a "real" DDoS attack on one of my client servers and CloudFlare did jack. Kiddie scripts don't count. The only way I was able to stop the attack was with NetDefender, which costs an arm...
Used to get ddos several times a week, including attacks of more than 3m p/s. Since switching to cloudflare we haven't had any ddos related down time at all. Are you talking about an application level denial of service? If so, look into the business account at 200/mo.
 
Used to get ddos several times a week, including attacks of more than 3m p/s.
The attacks I was dealing with were scored in NetDefender at 10GB/sec. Somehow they resolved the Cloudflare IP's don't ask me how as in iptables I only had their IP's allowed. Obviously they are pro's and it was over my knowledge. So I let it be handled by NetDefender.
 
The attacks I was dealing with were scored in NetDefender at 10GB/sec. Somehow they resolved the Cloudflare IP's don't ask me how as in iptables I only had their IP's allowed. Obviously they are pro's and it was over my knowledge. So I let it be handled by NetDefender.
Someone must have really had it in for that site then, 10Gb/s is close to 10m p/s. Bit puzzled since if it were layer 7 that's massive. To my knowledge CF free and pro accounts while not advertised as mitigation service can sustain quite the udp/tcp/syn slamming.
 
We had an attack of 10Gbps on our website. We thwarted it with a black lotus and now maintaining it with cloudflare
 
Top Bottom