Protect your website from a Distributed Denial of Service (DDoS) attack. Learn the basic countermeasures to stop an ongoing attack.
Overview
Cloudflare's network automatically mitigates very large DDoS attacks. Caching your content at Cloudflare also protects your website against small DDoS attacks, but uncached assets may require additional manual intervention steps provided in this guide.
Step 1: Enable Under Attack Mode
To activate Under Attack Mode:
1. Log in to your Cloudflare account.
2. Select the domain currently under attack.
3. Toggle Under Attack Mode to On within the Quick Actions section of the Cloudflare Overview app.
4. [Optional] Adjust Challenge Passage within the Settings tab of the Firewall app.
Step 2: Enable the Web Application Firewall (WAF)
Enable the Cloudflare WAF via the following procedure:
- Log in to your Cloudflare account.
- Select the domain that requires additional protection.
- Toggle Web Application Firewall to On within the Managed Rules tab of the Firewall app.
Step 3: Challenge or block traffic via the Firewall app
The Cloudflare Firewall app facilitates blocking of traffic via the following methods:
- IP Access Rules - Recommended for blocking multiple IP addresses, /16 or /24 IP ranges, or Autonomous System Numbers (ASNs).
- Firewall Rules - Recommended for blocking a country, any valid IP range, or more complex attack patterns.
- Zone Lockdown - Recommended to allow only trusted IP addresses or ranges to a portion of your site.
- User Agent Blocking - Recommended for blocking suspicious User-Agent headers for your entire domain.
To decide which country or IPs to block or challenge, check your log files. Contact your hosting provider to help identify:
- the attack traffic reaching your origin web server,
- the resources being accessed by the attack, and
- common characteristics of the attack (IP addresses, User Agents, countries, or ASNs, etc).
Step 4: Contact Cloudflare Support
If you are unable to stop an attack from overloading your origin web server when utilizing the steps above, contact Cloudflare Support for assistance.
Related resources
- Understanding Cloudflare DDOS protection
- Best Practices: DDoS preventative measures
- What does “I’m Under Attack Mode” do?
- Using Cloudflare Logs to investigate DDoS traffic (Enterprise Only)
- How to report a DDoS attack to law enforcement