Skip to content

[DDoS Protection] flagged traffic clarification #19956

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 2 commits into from
Closed

[DDoS Protection] flagged traffic clarification #19956

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
1d03f96
flagged traffic clarification
patriciasantaana Feb 13, 2025
d92b79a
Update src/content/docs/ddos-protection/managed-rulesets/adaptive-pro…
patriciasantaana Feb 20, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 10 additions & 5 deletions src/content/docs/ddos-protection/managed-rulesets/adaptive-protection.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,8 +19,6 @@ Adaptive DDoS Protection provides the following types of protection:

Cloudflare Adaptive DDoS Protection is available to Enterprise customers according to the following table:



| Feature | Profiling dimension | WAF/CDN<sup>1</sup> | Magic Transit /<br/>Spectrum BYOIP<sup>2</sup> |
| --------------------------------- | ------------------------------------------ | :-----------------: | :--------------------------------------------: |
| **HTTP Adaptive DDoS Protection** | | | |
Expand All @@ -31,8 +29,6 @@ Cloudflare Adaptive DDoS Protection is available to Enterprise customers accordi
| For Protocols | IP protocol | — | Yes |
| For Protocols | Client IP country and Region for UDP | — | Yes |



<sup>1</sup> _WAF/CDN customers on the Enterprise plan with the Advanced DDoS Protection subscription._<br/>
<sup>2</sup> _Magic Transit and Spectrum BYOIP customers on an Enterprise plan._

Expand Down Expand Up @@ -69,10 +65,19 @@ To view traffic flagged by L3/4 Adaptive DDoS Protection rules:

1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account.
2. Go to Account Home > **Analytics & Logs** > **Network Analytics**.
3. Filter by `Ruleset ID equals 3b64149bfa6e4220bbbc2bd6db589552` (the ID of the Network-layer DDoS Attack Protection managed ruleset) and by rule ID.
3. Filter by rule ID.

You may also obtain information about flagged traffic through [Logpush](/logs/about/) or the [GraphQL API](/analytics/graphql-api/).


To determine if it is safe to enable an adaptive rule in mitigation:

[INFO]
Copy link
Contributor Author

@patriciasantaana patriciasantaana Feb 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How to evaluate whether it is safe to enable an adaptive rule in mitigation


:::note
Only suspected attack traffic over certain thresholds will be shown in your logs.
Copy link
Contributor Author

@patriciasantaana patriciasantaana Feb 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we clarify what the threshold is?

:::

## Configure the rules

You can adjust the action and sensitivity of the Adaptive DDoS Protection rules. The default action is _Log_. Use this action to first observe what traffic is flagged before deciding on a mitigation action.
Expand Down
Loading