src/content/docs/ddos-protection/advanced-ddos-systems/overview/index.mdx
Lines changed: 5 additions & 8 deletions
@@ -46,13 +46,9 @@ The automatic threshold system calculates thresholds every 10 minutes for both n
46
46
47
47
These checks are performed independently for SYN Flood Protection, Out-of-State TCP Flood Protection, and Advanced DNS Protection. The criteria does not require the presence of any rules to be configured. Accounts initially provisioned by the automatic system will have default thresholds. Otherwise, thresholds may be unconfigured if they are not set by Cloudflare.
48
48
49
-
After seven days, the system calculates a rate and burst threshold for each of the protection components.
49
+
After seven days, the system calculates a rate and burst threshold for each of the protection components. The burst threshold is calculated as five times the rate threshold.
50
50
51
-
Thresholds are applied globally per account.
52
-
53
-
There is no minimum packets-per-second (pps) requirement for threshold calculation.
54
-
55
-
The burst threshold is calculated as five times the rate threshold.
51
+
Thresholds are applied globally per account and there is no minimum packets-per-second (pps) requirement for threshold calculation.
56
52
57
53
Thresholds are derived using the 95th percentile (P95) of observed traffic over the preceding seven days:
58
54
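Review bot: The merged line "Thresholds are applied globally per account and there is no minimum packets-per-second (pps) requirement for threshold calculation." joins two independent statements, scope of application and a precondition for calculation, with a bare "and", so they read as if one followed from the other. Keep them as two sentences, or at minimum add a comma before "and". The burst threshold sentence now sits ahead of the line explaining that thresholds are derived from the P95 of observed traffic, so the reader meets "five times the rate threshold" before learning how the rate threshold is obtained. Consider placing the burst sentence after the P95 explanation. While this paragraph is being touched, the unchanged context line "The criteria does not require" could be corrected to "The criteria do not require".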
@@ -66,8 +62,9 @@ The automatic threshold calculation system does not differentiate between legiti
66
62
67
63
#### Implementation
68
64
69
-
You should enable the automatically provisioned rules. Initially, these rules will have default values and operate in Monitor mode. After seven days, once thresholds are calculated, you can use the Network Analytics dashboard to observe what packets would have been dropped or allowed, then safely enable the rules in mitigation mode. Depending on what is observed in the Network Analytics dashboard (e.g. legitimate traffic is being flagged in Monitor mode), you may want to change the sensitivity level and continue observation before enabling in mitigation mode. Rules and Filters, where supported, can also be scoped to allow for additional granularity.
70
-
Recalculation
65
+
You should enable the automatically provisioned rules. Initially, these rules will have default values and operate in Monitor mode. After seven days, once thresholds are calculated, you can use the Network Analytics dashboard to observe what packets would have been dropped or allowed, then safely enable the rules in mitigation mode. Depending on what is observed in the Network Analytics dashboard (for example, legitimate traffic is being flagged in Monitor mode), you may want to change the sensitivity level and continue observation before enabling in mitigation mode. Rules and Filters, where supported, can also be scoped to allow for additional granularity.
66
+
67
+
#### Recalculation
71
68
72
69
Automatic thresholds are calculated only once. Cloudflare can manually trigger a recalculation. Adding, approving, removing, delegating, advertising, or withdrawing prefixes after initial onboarding does not automatically re-trigger the calculation. It is recommended to move the relevant systems to Monitor mode before making changes that impact traffic levels and requesting a recalculation from Cloudflare. Future improvements will take these events into consideration.
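Review bot: The rewritten Implementation paragraph capitalizes "Monitor mode" but leaves "mitigation mode" lowercase in the same sentence. Pick one convention for mode names and apply it to both, since readers will look for these as UI labels. Promoting "Recalculation" to a "####" heading with a blank line before it is correct, because the old text ran it straight on from the previous paragraph. In the unchanged Recalculation paragraph, "move the relevant systems to Monitor mode before making changes that impact traffic levels and requesting a recalculation" is ambiguous about ordering. It would help to state explicitly that the rules go to Monitor mode first, then the change is made, then the recalculation is requested, because a one-time threshold computed from pre-change traffic can drop legitimate packets once prefixes are added or withdrawn.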