Do people think CloudFlare will stop DDoS attacks?

David Beroff

Well-known member
Registered
Joined
Jun 14, 2016
Messages
1,498
Points
63
Nowadays on hosting forums, I have been seeing more and more people start recommending CloudFlare for the prevention of DDoS attacks, Why is this? and can CloudFlare really anti large DDOS attacks? What is your experience?
 

EcommIndiaCloudIT

Member
Registered
Joined
Dec 28, 2016
Messages
64
Points
0
First things first. You can never "Stop" a DDOS attack. You can only "mitigate" it. Keeping this in mind we should always look at the best ways to mitigate rather than prevent or stop and when you start looking at the features offered by various providers with this mindset, things start to become very clear.

Second thing to understand is that when you use a 3rd party provider for DDOS, almost always your data is being re-routed through their network which means you are adding latency every time someone wants to visit your site. Needless to say if your data is highly confidential, then this is a bigger security problem/loophole and you should look at implementing your own DDOS mitigation solutions rather than letting your confidential data go through filtering networks that you have no control over.

Now, as I understand CoudFlare provides various level of DDOS protection. Unless you are paying for the highest plan they are offering, the whole thing is pointless since the lower plans can easily be implemented on your own sever using web firewalls. If you are already on something like AWS, then even the highest plan that cloud flare offers becomes pointless since you have so many other ways you can mitigate this using the tools within AWS.

However, there are times when you would rather just let someone else's network take the load and do all the offsite data scrubbing for you before it hits your server. So unless you are a multi million dollar corporation, its better off you implement your own DDOS mitigation solutions.
 

VirtuBox

Well-known member
Registered
Joined
May 3, 2016
Messages
1,622
Points
83
Cloudflare is the first step to be protected against DDoS, but with free plans, it require to use a special page during 5 seconds to check your browser and make sure you are real visitor, and it doesn't protect your server, only your domains with the Cloudflare Proxy.
If an attacker find your server IP, he will be able to DDoS it and Cloudflare will be useless.

DDoS attacks will not stop in the next few years, the last one against OVH with up to 1TBps is the proof DDoS is still used and it's easier to DDoS now using any device connected to internet.
But that's the job of Hosting Providers to fight against DDoS, Cloudflare will help them, because they do a very good job with their DNS service, but they still have a small network compare to company like OVH (7TB Bandwidth and 5TB Exta for DDoS)
 

RDO Servers

Well-known member
Registered
Joined
Apr 3, 2015
Messages
1,027
Points
83
Yes Cloudflare will stop DDoS attacks from reaching your server if you have the appropriate Cloudflare plan and the attack is not directed at your server IP directly.

True DDoS protection should use one of 2 methods.

1) In house. Very expensive to have enough bandwidth and hardware in house to protect against large attacks. Many providers advertise their in house protection, but may only be able to protect against attacks < 2Gbps.

2) Tunneled protection. This is when you have your own IP block which is being announced by the DDoS protection providers routers. All traffic will go to their routers, through their DDoS protection network, then back to your server's via a GRE tunnel. This way, your network only accepts traffic that is encapsulated in the GRE tunnel (filtered traffic) and blocks all other traffic.
 

DTS-NET

Well-known member
Hosting Provider
Registered
Joined
Feb 6, 2017
Messages
93
Points
8
Have been using cloudflare since they started.
The awesome thing about cloudflare it works and they have offered more options year after year and keep investing which is what you want out of a company and they work with us partners and awesome to see how they have grown
 

RyanK

New member
Registered
Joined
Feb 7, 2017
Messages
4
Points
0

David Beroff

Well-known member
Registered
Joined
Jun 14, 2016
Messages
1,498
Points
63
Yes Cloudflare will stop DDoS attacks from reaching your server if you have the appropriate Cloudflare plan and the attack is not directed at your server IP directly.
Exactly I had an opportunity to see DDoS attacks on my site and I enabled Cloudflare "I'm under attacks" and it worked as a charm but I dislike this page

cloudflare redirect page ddos.png

My website visitors can leave the site because they think my website is having problem or took so long to access the website..etc
Is there a way to edit that page or I must change to paid plan?

2) Tunneled protection. This is when you have your own IP block which is being announced by the DDoS protection providers routers. All traffic will go to their routers, through their DDoS protection network, then back to your server's via a GRE tunnel. This way, your network only accepts traffic that is encapsulated in the GRE tunnel (filtered traffic) and blocks all other traffic.
I like this way, it will filter traffic coming to my site and removed DDoS IPs while my site is still running normally.
If compared with DDoS server from Cloudflare which way has more advantages?
 

RyanK

New member
Registered
Joined
Feb 7, 2017
Messages
4
Points
0
Users on any of the paid plans have the ability to customize that under attack message.
 

Dr. McKay

Well-known member
Registered
Joined
Nov 26, 2016
Messages
565
Points
28
Dr. McKay
I have same thought as David.
It is possible to use DDOS protection from Cloudflare without using that page? for example, i can replace custom attack message by my homepage? like my website is working normally but it is protected from Cloudflare.
 

RyanK

New member
Registered
Joined
Feb 7, 2017
Messages
4
Points
0
If you don't have I'm Under Attack Mode (IUAM) on, or have created page rules to perform additional checks, it's very unlikely that the interstitial page would come into play. There is also a new Rate Limiting feature that is coming soon (sign up for early access at https://www.cloudflare.com/rate-limiting/) that would prevent that screen from appearing. However, the option to customize that screen (and any other error related screens) is still limited to paid plans.
 

Gecko

Well-known member
Registered
Joined
Aug 25, 2016
Messages
364
Points
0
Gecko
Thanks for sharing this future feature. I have not heard anything about it but it seems like it's going to be real nice. Adding some security against DDoS attacks and brute force will come in very handy these days.

Do you know if their rate limiting is going to be available on all account levels?
 
Older Threads
Replies
9
Views
10,024
Replies
15
Views
8,459
Replies
18
Views
13,691
Newer Threads
Replies
16
Views
8,873
Replies
26
Views
21,616
Replies
0
Views
2,441
Recommended Threads
Replies
9
Views
1,936
Replies
3
Views
2,258
Replies
4
Views
4,371

Latest Hosting OffersNew Reviews

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

Top