Jump to content
--> Place your ad text here <--
Get Free Banners - Giveaway MaxCheaters.com
We're Rebuilding – Join Our Staff Team

Cloudflare Ddosing Me

Szakalaka

By Szakalaka
in Off-Topics

 Share

Recommended Posts

Szakalaka Newbie

Szakalaka

Posted
Posted

Hi, is there anyone with experience on CF? I got small web server on my vps (literally nothing interesting here), i allow only IPs from cloudflare range, so it's impossible to connect directly. Now, i am under ddos, and CF seems not to filter out the requests. At this point there were total 80kk requests from ONLY 30 unique visitors. How can i configure CF to ban IPs that connect lets say more than 1k times over an hour? I spent hours digging in their documentation and tools...

xxdem Newbie

xxdem

Posted
Posted

iptables is your friend, it can do anything you describe and literally ALL firewalls are just user interfaces for plain iptables. Just look for a guide on the net

Szakalaka Newbie

Szakalaka

Posted
  • Author
Posted

I know i can do it with iptables. The thing is, its just a tiny tiny vps, so every connection = check in the iptables. I just wanted cloudflare to take responsibility of filtering, not to let them into my server at all.

xxdem Newbie

xxdem

Posted
Posted

I know i can do it with iptables. The thing is, its just a tiny tiny vps, so every connection = check in the iptables. I just wanted cloudflare to take responsibility of filtering, not to let them into my server at all.

 

None will do that for free. 

 

Keep in mind that iptables has nearly zero overhead and a very slight one in case of a few million records

eressea Newbie

eressea

Posted
Posted (edited)

iptables is your friend, it can do anything you describe and literally ALL firewalls are just user interfaces for plain iptables. Just look for a guide on the net

 

Unless you have some special hardware like Radware DefensePro

 

I know i can do it with iptables. The thing is, its just a tiny tiny vps, so every connection = check in the iptables. I just wanted cloudflare to take responsibility of filtering, not to let them into my server at all.

 

I fear you won't find any free service for it; or at least service you can count on

 

Keep in mind that iptables has nearly zero overhead and a very slight one in case of a few million records

 

Depends on how many rules do you use, whether you use conntracking (and whether you use it the right way - then it can help much because you check only SYN packets and pass through the rest) etc...

There's also lot of additional settings that might interest you like SYN cookies.

 

Szaka: If I were you, I'd start with iptables and try to find something better only if iptables won't do it

 

EDIT: In case you need to check whether IP belongs to some set, don't set rules for all those addresses. Use ipset http://ipset.netfilter.org/

Edited by eressea
xxdem Newbie

xxdem

Posted
Posted

Unless you have some special hardware like Radware DefensePro

 

AFAIK even hardware firewalls internally use iptables.

Except if someone writes his own OS for the firewall a case I really doubt since the iptables that comes with the linux Kernel is an extremely good and reliable base.

I may be wrong because I don't have much hands-on experience with firewalls

eressea Newbie

eressea

Posted
Posted

AFAIK even hardware firewalls internally use iptables.

Except if someone writes his own OS for the firewall a case I really doubt since the iptables that comes with the linux Kernel is an extremely good and reliable base.

I may be wrong because I don't have much hands-on experience with firewalls

 

When it's Linux-based, it will use iptables, that's fact. There are some other options that are used commonly, for example pfSense which is FreeBSD-based. Also Cisco has it's own operating system (IOS, don't confuse with iOS)

Sdw Newbie

Sdw

Posted
Posted

Depending on how, you can act on iptables or webserver, cloudflare, beside declaring yourself under attack you can't do shit. I wouldn't even consider those guy to protect me.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing


×
×
  • Create New...

AdBlock Extension Detected!

Our website is made possible by displaying online advertisements to our members.

Please disable AdBlock browser extension first, to be able to use our community.

I've Disabled AdBlock