From 12874d1099f532e97f05416c77997e5ef2474558 Mon Sep 17 00:00:00 2001 From: omer-cloudflare <103426341+omer-cloudflare@users.noreply.github.com> Date: Sat, 29 Mar 2025 09:31:58 +1100 Subject: [PATCH 1/4] Update frequently-asked-questions.mdx Added additional FAQs and tweaked a few of the existing ones. --- .../frequently-asked-questions.mdx | 36 +++++++++++++------ 1 file changed, 26 insertions(+), 10 deletions(-) diff --git a/src/content/docs/ddos-protection/frequently-asked-questions.mdx b/src/content/docs/ddos-protection/frequently-asked-questions.mdx index 990e4de0c430e57..c1579fb8e250f51 100644 --- a/src/content/docs/ddos-protection/frequently-asked-questions.mdx +++ b/src/content/docs/ddos-protection/frequently-asked-questions.mdx @@ -25,24 +25,24 @@ There are three main DDoS mitigation systems: 3. [Advanced TCP Protection](/ddos-protection/advanced-ddos-systems/overview/advanced-tcp-protection/) 4. [Advanced DNS Protection](/ddos-protection/advanced-ddos-systems/overview/advanced-dns-protection/) -The DDoS Managed Ruleset includes many individual rules. Each rule provides the heuristics that instructs the system how to identify attack traffic. When the DDoS Managed Ruleset identifies an attack, it will generate a real-time fingerprint to match against the attack traffic, and install an ephemeral mitigation rule to mitigate the attack. +The DDoS Managed Ruleset includes many individual rules. Each rule provides the heuristics that instructs the system how to identify DDoS attack traffic. When the DDoS Managed Ruleset identifies an attack, it will generate a real-time fingerprint to match against the attack traffic, and install an ephemeral mitigation rule to mitigate the attack using that fingerprint. -The start time of the attack is when the mitigation rule is installed. The attack ends when there is no more traffic matching the rule. This is a single DDoS attack. +The start time of the attack is when the mitigation rule is installed. The attack ends when there is no more traffic matching the rule. This is a single DDoS attack event. A DDoS attack therefore has a start time, end time, and additional attack metadata such as: 1. Attack ID 2. Attack vector 3. Mitigating rule -4. Total bytes -5. Total packets -6. Attack target +4. Total bytes and packets +5. Attack target +6. Mitigation action This information is used to populate the [Executive Summary](/analytics/network-analytics/understand/main-dashboard/#executive-summary) section in the [Network Analytics](/analytics/network-analytics/) dashboard. It can also be retrieved via GraphQL API using the `dosdAttackAnalyticsGroups` node. -Currently, the concept of a DDoS attack only exists for the Network-layer DDoS Managed Ruleset. There is no such grouping of individual packets, queries, or HTTP requests for the other systems, although we plan to implement it. +Currently, the concept of a DDoS attack event only exists for the Network-layer DDoS Managed Ruleset. There is no such grouping of individual packets, queries, or HTTP requests for the other systems, although we plan to implement it. --- @@ -84,9 +84,11 @@ Yes. Using our anycast network, along with Traffic Manager, Unimog, and Plurimog --- -## Where can I see DDoS trends? +## Where can I see latest DDoS trends? -Refer to [Reports](/ddos-protection/reference/reports/) or [Radar](/radar/) for more information on viewing DDoS trends. +Cloudflare publishes quarterly DDoS reports and coverage of signficant DDoS attacks. The publications are available on our [blog website](https://blog.cloudflare.com/tag/ddos-reports/) and as interactive reports on the [Cloudflare Radar Reports website](https://radar.cloudflare.com/reports?q=DDoS). + +You can also view [Cloudflare Radar](https://radar.cloudflare.com/) for near real-time insights and trends. --- @@ -106,6 +108,20 @@ These tools and attacks exploit different aspects of network protocols and behav --- -## Can I exclude a user agent from DDoS protection? +## Can I exclude a specific user agent from the HTTP DDoS protection? + +Yes, you can create an [override](/managed-rulesets/http/override-expressions/) and use the expression fields to match against HTTP requests with the user agent. There are a variety of [fields](/managed-rulesets/http/override-expressions/#available-expression-fields) that you can use. +You can then adjust the [sensitivity level](/managed-rulesets/http/override-parameters/#sensitivity-level) or [mitigation action](/http/override-parameters/#action). + +Refer to the guide on how to [create an override](/managed-rulesets/http/configure-dashboard/#create-a-ddos-override). + +The use of expression fields is subject to [availability](#availability). + +## Does Cloudflare charge for DDoS attack traffic? + +No. Sinece 2017, Cloudflare offers [free unmeterered and unlimited DDoS protection](https://blog.cloudflare.com/unmetered-mitigation/). There is no limit to the number of DDoS attacks, their duration, or their size. Cloudflare's billing systems automatically exclude DDoS attack traffic from your usage. + + + + -You can override a user agent using a low sensitivity level or `Log` if you want visibility. From e13d4cb830f7fd7dd23bb89744981f106948bb75 Mon Sep 17 00:00:00 2001 From: Patricia Santa Ana <103445940+patriciasantaana@users.noreply.github.com> Date: Mon, 31 Mar 2025 09:01:54 -0700 Subject: [PATCH 2/4] Apply suggestions from code review --- .../docs/ddos-protection/frequently-asked-questions.mdx | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/src/content/docs/ddos-protection/frequently-asked-questions.mdx b/src/content/docs/ddos-protection/frequently-asked-questions.mdx index c1579fb8e250f51..06047614f54e70e 100644 --- a/src/content/docs/ddos-protection/frequently-asked-questions.mdx +++ b/src/content/docs/ddos-protection/frequently-asked-questions.mdx @@ -111,6 +111,7 @@ These tools and attacks exploit different aspects of network protocols and behav ## Can I exclude a specific user agent from the HTTP DDoS protection? Yes, you can create an [override](/managed-rulesets/http/override-expressions/) and use the expression fields to match against HTTP requests with the user agent. There are a variety of [fields](/managed-rulesets/http/override-expressions/#available-expression-fields) that you can use. + You can then adjust the [sensitivity level](/managed-rulesets/http/override-parameters/#sensitivity-level) or [mitigation action](/http/override-parameters/#action). Refer to the guide on how to [create an override](/managed-rulesets/http/configure-dashboard/#create-a-ddos-override). @@ -119,9 +120,5 @@ The use of expression fields is subject to [availability](#availability). ## Does Cloudflare charge for DDoS attack traffic? -No. Sinece 2017, Cloudflare offers [free unmeterered and unlimited DDoS protection](https://blog.cloudflare.com/unmetered-mitigation/). There is no limit to the number of DDoS attacks, their duration, or their size. Cloudflare's billing systems automatically exclude DDoS attack traffic from your usage. - - - - +No. Since 2017, Cloudflare offers [free, unmetered, and unlimited DDoS protection](https://blog.cloudflare.com/unmetered-mitigation/). There is no limit to the number of DDoS attacks, their duration, or their size. Cloudflare's billing systems automatically exclude DDoS attack traffic from your usage. From 7b33323ae7af09b0399139dbd12441a65c446570 Mon Sep 17 00:00:00 2001 From: Patricia Santa Ana <103445940+patriciasantaana@users.noreply.github.com> Date: Mon, 31 Mar 2025 09:33:41 -0700 Subject: [PATCH 3/4] Fix broken links --- .../docs/ddos-protection/frequently-asked-questions.mdx | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/content/docs/ddos-protection/frequently-asked-questions.mdx b/src/content/docs/ddos-protection/frequently-asked-questions.mdx index 06047614f54e70e..122384e9f5bfb67 100644 --- a/src/content/docs/ddos-protection/frequently-asked-questions.mdx +++ b/src/content/docs/ddos-protection/frequently-asked-questions.mdx @@ -110,11 +110,11 @@ These tools and attacks exploit different aspects of network protocols and behav ## Can I exclude a specific user agent from the HTTP DDoS protection? -Yes, you can create an [override](/managed-rulesets/http/override-expressions/) and use the expression fields to match against HTTP requests with the user agent. There are a variety of [fields](/managed-rulesets/http/override-expressions/#available-expression-fields) that you can use. +Yes, you can create an [override](/ddos-protection/managed-rulesets/http/override-expressions/) and use the expression fields to match against HTTP requests with the user agent. There are a variety of [fields](/ddos-protection/managed-rulesets/http/override-expressions/#available-expression-fields) that you can use. -You can then adjust the [sensitivity level](/managed-rulesets/http/override-parameters/#sensitivity-level) or [mitigation action](/http/override-parameters/#action). +You can then adjust the [sensitivity level](/ddos-protection/managed-rulesets/http/override-parameters/#sensitivity-level) or [mitigation action](/ddos-protection/http/override-parameters/#action). -Refer to the guide on how to [create an override](/managed-rulesets/http/configure-dashboard/#create-a-ddos-override). +Refer to the guide on how to [create an override](/ddos-protection/managed-rulesets/http/configure-dashboard/#create-a-ddos-override). The use of expression fields is subject to [availability](#availability). From 7f347bb645e601930d0a96df193df46dc32618a7 Mon Sep 17 00:00:00 2001 From: Patricia Santa Ana <103445940+patriciasantaana@users.noreply.github.com> Date: Mon, 31 Mar 2025 14:46:08 -0700 Subject: [PATCH 4/4] Update src/content/docs/ddos-protection/frequently-asked-questions.mdx --- src/content/docs/ddos-protection/frequently-asked-questions.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/ddos-protection/frequently-asked-questions.mdx b/src/content/docs/ddos-protection/frequently-asked-questions.mdx index 122384e9f5bfb67..ad2b588bbaa2fa4 100644 --- a/src/content/docs/ddos-protection/frequently-asked-questions.mdx +++ b/src/content/docs/ddos-protection/frequently-asked-questions.mdx @@ -112,7 +112,7 @@ These tools and attacks exploit different aspects of network protocols and behav Yes, you can create an [override](/ddos-protection/managed-rulesets/http/override-expressions/) and use the expression fields to match against HTTP requests with the user agent. There are a variety of [fields](/ddos-protection/managed-rulesets/http/override-expressions/#available-expression-fields) that you can use. -You can then adjust the [sensitivity level](/ddos-protection/managed-rulesets/http/override-parameters/#sensitivity-level) or [mitigation action](/ddos-protection/http/override-parameters/#action). +You can then adjust the [sensitivity level](/ddos-protection/managed-rulesets/http/override-parameters/#sensitivity-level) or [mitigation action](/ddos-protection/managed-rulesets/http/override-parameters/#action). Refer to the guide on how to [create an override](/ddos-protection/managed-rulesets/http/configure-dashboard/#create-a-ddos-override).