
ripberge yesterday at 9:41 PM

Huh, I got attacked from 170 countries last year (HTTP) and Cloudflare's autonomous detection (machine learning powered) rules did almost nothing. It was millions of the same requests over and over and the only thing that we could do to stop it was manually put in rules to block routes. Not only that, some of the attacking traffic came from within Cloudflare workers or it was at least going through their WARP client (those details are now fuzzy). Was a pretty miserable failure to perform on their part.


Replies

pacalleri today at 2:48 AM

Similar experience last week. But tbh I'm using the free plan so I wasn't expecting too much from them. What worked was to use the nginx rate limiter aggressively, parse logs and deny the top IPs with nginx. Because all traffic comes through CF, I wasn't able to use iptables for blocking.

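The approach pacalleri describes (count requests per client in the nginx access log, then deny the heaviest sources in nginx), as an added example that is not part of the thread. It assumes the default `combined` log format and that nginx's realip module (`set_real_ip_from` for Cloudflare's ranges, `real_ip_header CF-Connecting-IP`) already restores the visitor address into `$remote_addr`; the function names, threshold and sample log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# nginx "combined" format: the first field is $remote_addr.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} ')

# Constructed sample log lines (documentation address ranges only).
_TAIL = ' - - [01/Jan/2025:00:00:01 +0000] "GET /login HTTP/1.1" 200 512 "-" "x"'
SAMPLE_LOG = (
    ["203.0.113.7" + _TAIL] * 5
    + ["198.51.100.9" + _TAIL] * 3
    + ["192.0.2.10" + _TAIL]
    + ["garbage line that is not in combined format"]
)


def top_offenders(lines, threshold, allowlist=()):
    """Return [(ip, hits)], busiest first, for clients with >= threshold hits."""
    allowed = [ipaddress.ip_network(net) for net in allowlist]
    hits = Counter()
    for line in lines:
        match = LINE_RE.match(line)
        if not match:
            continue  # malformed or truncated line
        try:
            # Validate before the value is ever written into nginx config.
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue
        if any(ip in net for net in allowed):
            continue  # e.g. your own monitoring; never block these
        hits[str(ip)] += 1
    return [(ip, n) for ip, n in hits.most_common() if n >= threshold]


def deny_rules(offenders):
    """Render offenders as nginx access-module `deny` directives."""
    return "".join(f"deny {ip};  # {n} requests\n" for ip, n in offenders)


if __name__ == "__main__":
    # Hypothetical allowlist entry standing in for a trusted monitoring range.
    print(deny_rules(top_offenders(SAMPLE_LOG, 3, ["198.51.100.0/24"])), end="")
```

Write the output to a file pulled in with `include` inside the relevant `http` or `server` block and reload nginx; without the realip configuration every log line would show a Cloudflare edge address, and denying those would block legitimate visitors.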
reassess_blind yesterday at 11:27 PM

How many requests per second?