Answer the question
In order to leave comments, you need to log in
Cloudflare can't handle a ddos attack, what are the options?
The processor is 100% clogged, although it blocked entire countries in Cloudflare, it seems that little should leak out.
I hid the IP until it seems to have leaked, the processor is 100% full when the traffic from CF goes to the server.
But it doesn't seem like it should go....
netstat -na | grep :443| wc -l
1000-1500
netstat -n -t | grep SYN_RECV | wc -l
0
Answer the question
In order to leave comments, you need to log in
1. Under Attack Mode or captcha (helps in some cases)
2. Rate Limiter + banip (forward ip users through cloudflare and ban through api cloudflare) (can be done using self-written python or anything, or using the fail2ban module and its add-ons for cloudflare)
Next, you need to understand what exactly loads the server. Most likely, this is not even nginx, but a backend (php or whatever you have).
I advise you to use php8.0-fpm and nginx. It also needs to be optimized. At least chop off gzip on nginx. (this creates a load on the percent). PHP 8.0 delivers a significant performance boost.
If security is not particularly important, disable ssl on your server and assign the task of terminating ssl to cloudflare (make Flexible ssl mode in the SSL\TLS cloudflare tab)
===========
I can’t say anything else, because. no specifics from you. You need to look at least what loads percent. Problems can be different (heavy and unoptimized code, old software versions, etc.)
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question