diff --git a/src/content/docs/ddos-protection/about/how-ddos-protection-works.mdx b/src/content/docs/ddos-protection/about/how-ddos-protection-works.mdx index 6539031476709f..90c9fab673a2fc 100644 --- a/src/content/docs/ddos-protection/about/how-ddos-protection-works.mdx +++ b/src/content/docs/ddos-protection/about/how-ddos-protection-works.mdx @@ -33,11 +33,6 @@ Once attack traffic matches a rule, Cloudflare's systems will track that traffic | Log | Records matching requests in the Cloudflare Logs. | | Use rule defaults | Uses the default action that is pre-defined for each rule. | -:::note - -DDoS attack traffic is automatically excluded from billing systems. -::: - ## Time to mitigate - Immediate mitigation for Advanced TCP and DNS Protection systems. diff --git a/src/content/docs/ddos-protection/botnet-threat-feed.mdx b/src/content/docs/ddos-protection/botnet-threat-feed.mdx index 61025988367e95..85c9a3f8acd028 100644 --- a/src/content/docs/ddos-protection/botnet-threat-feed.mdx +++ b/src/content/docs/ddos-protection/botnet-threat-feed.mdx @@ -11,9 +11,11 @@ head: The Cloudflare DDoS Botnet Threat Feed is a threat intelligence feed for service providers (SPs) such as hosting providers and Internet service providers (ISPs) that provides information about their own IP addresses that have participated in HTTP DDoS attacks as observed from Cloudflare's global network. The feed aims to help service providers stop the abuse and reduce DDoS attacks originating from within their networks. -Each service provider can only get information about IP addresses associated with their autonomous system numbers (ASNs). The affiliation of a service provider with their ASNs will be checked against [PeeringDB](https://www.peeringdb.com/), a reliable and globally recognized interconnection database. +Each offense is a mitigated HTTP request from the specific IP address. For example, if an IP has 3,000 offenses, it means that Cloudflare has mitigated 3,000 HTTP requests from that IP. -To ensure the feed’s accuracy, Cloudflare will only include in the feed IP addresses that have participated in multiple HTTP DDoS attacks and have triggered high-confidence rules. +A service provider can only get information about IP addresses associated with their autonomous system numbers (ASNs). The affiliation of a service provider with their ASNs will be checked against [PeeringDB](https://www.peeringdb.com/), a reliable and globally recognized interconnection database. + +To ensure the feed's accuracy, Cloudflare will only include IP addresses that have participated in multiple HTTP DDoS attacks and have triggered high-confidence rules. ## Context diff --git a/src/content/docs/ddos-protection/reference/simulate-ddos-attack.mdx b/src/content/docs/ddos-protection/reference/simulate-ddos-attack.mdx index 0e42fb75981c0c..1094cd3763c986 100644 --- a/src/content/docs/ddos-protection/reference/simulate-ddos-attack.mdx +++ b/src/content/docs/ddos-protection/reference/simulate-ddos-attack.mdx @@ -19,4 +19,6 @@ You can only launch DDoS attacks against your own Internet properties — your z You do not have to obtain permission from Cloudflare to launch a DDoS attack simulation against your own Internet properties. However, before launching the simulated attack, you must [open a Support ticket](/support/contacting-cloudflare-support/) and provide the information below. All fields are mandatory. +It is recommended that you choose the right service and enable the correct features to test against the corresponding DDoS attacks. For example, if you want to test Cloudflare against an HTTP DDoS attack and you are only using Magic Transit, the test is going to fail because you need to onboard your HTTP application to Cloudflare's reverse proxy service to test our HTTP DDoS Protection. +