Menu
Forums
All threads
Latest threads
New posts
Trending threads
New posts
Search forums
Trending
What's new
New posts
New profile posts
Latest activity
Members
Current visitors
New profile posts
Search profile posts
Upgrades
Log in
Register
What's new
Search
Search
Search titles only
By:
All threads
Latest threads
New posts
Trending threads
New posts
Search forums
Menu
Log in
Register
Navigation
Install the app
Install
More options
Contact us
Close Menu
Forums
Server Development
Habbo Retros
Habbo Q&A
[HELP] DDoS Attack
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="BIOS" data-source="post: 461772" data-attributes="member: 15674"><p>Whitelisting CF IPs is good but isn't a silver bullet. You need rate limiting, probably be best adding a firewall rule on CF which issues a "captcha" (don't use js-challenge) to potentially malicious requests. Believe free tier customers get 5 free rules.</p><p></p><p>Check the requests you're seeing on CF dashboard, or in your webserver access logs. Try find a correlation between them i.e. are they all originating from the same ASN, similar user agent, same request path? (and so on), and create a rule to "challenge" (or if you're sure, "block") those requests.</p><p></p><p> </p><p>You're much better blocking it before it reaches your server i.e. at Cloudflare level. If you block on your server, it still has to process the request even if it's only a small burden, it adds up.</p><p></p><p>This needs updating but might also be useful: <a href="https://devbest.com/threads/l7-ddos-mitigation-megathread.90653/" target="_blank">https://devbest.com/threads/l7-ddos-mitigation-megathread.90653/</a></p></blockquote><p></p>
[QUOTE="BIOS, post: 461772, member: 15674"] Whitelisting CF IPs is good but isn't a silver bullet. You need rate limiting, probably be best adding a firewall rule on CF which issues a "captcha" (don't use js-challenge) to potentially malicious requests. Believe free tier customers get 5 free rules. Check the requests you're seeing on CF dashboard, or in your webserver access logs. Try find a correlation between them i.e. are they all originating from the same ASN, similar user agent, same request path? (and so on), and create a rule to "challenge" (or if you're sure, "block") those requests. You're much better blocking it before it reaches your server i.e. at Cloudflare level. If you block on your server, it still has to process the request even if it's only a small burden, it adds up. This needs updating but might also be useful: [URL]https://devbest.com/threads/l7-ddos-mitigation-megathread.90653/[/URL] [/QUOTE]
Insert quotes…
Verification
Post reply
Forums
Server Development
Habbo Retros
Habbo Q&A
[HELP] DDoS Attack
Top