From 1d03f96186b9e094f1cdee4548be74c763dcf5ce Mon Sep 17 00:00:00 2001 From: Patricia Loraine Santa Ana Date: Wed, 12 Feb 2025 16:03:04 -0800 Subject: [PATCH 1/2] flagged traffic clarification --- .../managed-rulesets/adaptive-protection.mdx | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/src/content/docs/ddos-protection/managed-rulesets/adaptive-protection.mdx b/src/content/docs/ddos-protection/managed-rulesets/adaptive-protection.mdx index 3129f01fc99a54c..8d60e6a82652a08 100644 --- a/src/content/docs/ddos-protection/managed-rulesets/adaptive-protection.mdx +++ b/src/content/docs/ddos-protection/managed-rulesets/adaptive-protection.mdx @@ -19,8 +19,6 @@ Adaptive DDoS Protection provides the following types of protection: Cloudflare Adaptive DDoS Protection is available to Enterprise customers according to the following table: - - | Feature | Profiling dimension | WAF/CDN1 | Magic Transit /
Spectrum BYOIP2 | | --------------------------------- | ------------------------------------------ | :-----------------: | :--------------------------------------------: | | **HTTP Adaptive DDoS Protection** | | | | @@ -31,8 +29,6 @@ Cloudflare Adaptive DDoS Protection is available to Enterprise customers accordi | For Protocols | IP protocol | — | Yes | | For Protocols | Client IP country and Region for UDP | — | Yes | - - 1 _WAF/CDN customers on the Enterprise plan with the Advanced DDoS Protection subscription._
2 _Magic Transit and Spectrum BYOIP customers on an Enterprise plan._ @@ -69,10 +65,20 @@ To view traffic flagged by L3/4 Adaptive DDoS Protection rules: 1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account. 2. Go to Account Home > **Analytics & Logs** > **Network Analytics**. -3. Filter by `Ruleset ID equals 3b64149bfa6e4220bbbc2bd6db589552` (the ID of the Network-layer DDoS Attack Protection managed ruleset) and by rule ID. +3. Filter by rule ID. You may also obtain information about flagged traffic through [Logpush](/logs/about/) or the [GraphQL API](/analytics/graphql-api/). +### Evaluate the rule enablement + +To determine if it is safe to enable an adaptive rule in mitigation: + +[INFO] + +:::note +Only suspected attack traffic over certain thresholds will be shown in your logs. +::: + ## Configure the rules You can adjust the action and sensitivity of the Adaptive DDoS Protection rules. The default action is _Log_. Use this action to first observe what traffic is flagged before deciding on a mitigation action. From d92b79aaf23499d562826129bceb8d860a9c72d2 Mon Sep 17 00:00:00 2001 From: Patricia Santa Ana <103445940+patriciasantaana@users.noreply.github.com> Date: Thu, 20 Feb 2025 09:12:15 -0800 Subject: [PATCH 2/2] Update src/content/docs/ddos-protection/managed-rulesets/adaptive-protection.mdx --- .../ddos-protection/managed-rulesets/adaptive-protection.mdx | 1 - 1 file changed, 1 deletion(-) diff --git a/src/content/docs/ddos-protection/managed-rulesets/adaptive-protection.mdx b/src/content/docs/ddos-protection/managed-rulesets/adaptive-protection.mdx index 8d60e6a82652a08..282460598856e18 100644 --- a/src/content/docs/ddos-protection/managed-rulesets/adaptive-protection.mdx +++ b/src/content/docs/ddos-protection/managed-rulesets/adaptive-protection.mdx @@ -69,7 +69,6 @@ To view traffic flagged by L3/4 Adaptive DDoS Protection rules: You may also obtain information about flagged traffic through [Logpush](/logs/about/) or the [GraphQL API](/analytics/graphql-api/). -### Evaluate the rule enablement To determine if it is safe to enable an adaptive rule in mitigation: