Cloudflare 中文文档
Learning Paths
Cloudflare 中文文档
Application Security (Learning Path)
编辑这个页面
跳转官方原文档
Set theme to dark (⇧+D)
  1. Learning Paths
  2. Application Security
  3. Default traffic security
  4. DDoS Protection

DDoS Protection

  1 min read

Cloudflare automatically detects and mitigates DDoS attacks using its Autonomous Edge, which is always-on. Advanced protections are reserved for Magic Transit customers.

OSI Layer Ruleset / Feature Example of covered DDoS attack vectors
L3/4 Network-layer DDoS Attack Protection UDP flood attack
SYN floods
SYN-ACK reflection attack
ACK floods
Mirai and Mirai-variant L3/4 attacks
ICMP flood attack
SNMP flood attack
QUIC flood attack
Out of state TCP attacks
Protocol violation attacks
SIP attacks
ESP flood
DNS amplification attack
DNS Garbage Flood
DNS NXDOMAIN flood
DNS Query flood

For more DNS protection options, refer to Getting additional DNS protection.
L3/4 Advanced TCP Protection 1 Fully randomized and spoofed ACK floods, SYN floods, SYN-ACK reflection attacks, and other sophisticated TCP-based DDoS attacks
L7 Advanced DNS Protection Beta 1 Sophisticated and fully randomized DNS attacks, including random-prefix attacks and DNS laundering attacks
L7 (HTTP/HTTPS) HTTP DDoS Attack Protection HTTP flood attack
WordPress pingback attack
HULK attack
LOIC attack
Slowloris attack
Mirai and Mirai-variant HTTP attacks

  1. Available to Magic Transit customers. ↩︎ ↩︎

Refer to the learning path Prevent DDoS attacks to dive deeper into this subject.




Next