Want to subscribe to topics you're interested in?
Become a Member

Cloudflare Cloudflare Announces Unmetered DDOS Mitigation For All Plans

Discussion in 'Domains, DNS, Email & SSL Certificates' started by eva2000, Sep 26, 2017.

  1. rdan

    rdan Well-Known Member

    5,446
    1,408
    113
    May 25, 2014
    Ratings:
    +2,201
    Local Time:
    11:29 AM
    Mainline
    10.2
    That is great option.
    404, 403, 401 limit rate is very nice to have.
    And also can skip cache hit which is brilliant.

     
  2. eva2000

    eva2000 Administrator Staff Member

    54,546
    12,221
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,790
    Local Time:
    1:29 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  3. rdan

    rdan Well-Known Member

    5,446
    1,408
    113
    May 25, 2014
    Ratings:
    +2,201
    Local Time:
    11:29 AM
    Mainline
    10.2
    Attackers on my site are improving, now using 130k+ unique IPs.

    Most attacks cannot be detected by rate limiting by CF, as it looks like each IP only sends a request once every few seconds (1 request per 2-4 seconds on average).
     
  4. duy13

    duy13 New Member

    16
    3
    3
    Oct 22, 2016
    California, USA
    Ratings:
    +16
    Local Time:
    10:29 AM
    1.13.x
    MariaDB 10.x
    But there are still some packets that have reached the backend before, so there is a 404 status, and then cloudflare ratelimit has a basis to block.
    What i mean, is the packet has passed the cache, goes straight to the backend, forcing php and mysql to process it to know if a strange URL (not in nginx/cloudflare's cache) is 404 or not 404


    This is what i mean, they send amazingly low number of packets and terrible number of ips
     
  5. rdan

    rdan Well-Known Member

    5,446
    1,408
    113
    May 25, 2014
    Ratings:
    +2,201
    Local Time:
    11:29 AM
    Mainline
    10.2
    And it's hard to combat.

    Slow attack are still ongoing now, with 250k+ unique IPs since 12 hours ago.
    And by default Cloudflare didn't even notice it on Pro plan.
     
  6. duy13

    duy13 New Member

    16
    3
    3
    Oct 22, 2016
    California, USA
    Ratings:
    +16
    Local Time:
    10:29 AM
    1.13.x
    MariaDB 10.x
    I met him once, he only send 5 packets every 15 seconds, even some IPs only send 1-2 connections every 15 seconds... but some huge IPs. The vps server I need to protect is very poor, with only 1 core cpu and 2GB of ram, it's completely unstoppable.
    It seems there are only 2 choices:
    1. upgrade the server to ensure that it can handle that amount of connections
    2. enable Layer 7 challenges (captcha, js, ...)
    However if I meet guys who are able to ddos layer 7 solve the captcha, hcaptcha... with the api from 2captcha.com, for a small amount of money he solves a lot of captcha and passes the challenge... -> It's bad luck to encounter an attacker like this :confused:
     
  7. eva2000

    eva2000 Administrator Staff Member

    54,546
    12,221
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,790
    Local Time:
    1:29 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Yeah still some will get through unless you're using Cloudflare Enterprise Bot Management. Shame that feature isn't inherited by Business, Pro and Free plans :(
     
  8. rdan

    rdan Well-Known Member

    5,446
    1,408
    113
    May 25, 2014
    Ratings:
    +2,201
    Local Time:
    11:29 AM
    Mainline
    10.2
    Plus I think switching from PHP-FPM to Nginx Unit would help a little bit as it performs better.
     
  9. eva2000

    eva2000 Administrator Staff Member

    54,546
    12,221
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,790
    Local Time:
    1:29 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Did't even notice until I looked at my Cloudflare dashboard that I got ~5 minutes of love from someone :)

    upload_2023-2-4_15-10-14.png

    Majority of the requests hit index page of which ~38 requests hit the origin server (miss + dynamic + revalidated) :D

    Filtered on index page

    upload_2023-2-4_15-12-39.png

    Bot Analysis

    upload_2023-2-4_15-15-18.png
     
  10. eva2000

    eva2000 Administrator Staff Member

    54,546
    12,221
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,790
    Local Time:
    1:29 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Is that from own experience? Not sure how much as changed but I benchmarked Nginx Unit Application Proxy with embedded PHP instead of PHP-FPM 6 yrs ago and yes Nginx Unit's embedded PHP if tested directly is faster than PHP-FPM but once you put Nginx web server in front of Nginx Unit App proxy, PHP performance ends up about the same as the bottleneck is Nginx web server itself in how fast embedded PHP or PHP-FPM performs. Benchmarks at https://community.centminmod.com/threads/nginxs-unit.12803/#post-54905

    Nginx Unit embedded PHP managed 282.95 req/s when directly tested but put it behind Nginx proxy it's embedded PHP performance drops back down to 131-170 req/s compared to at the time Centmin Mod Nginx with PHP-FPM between 146-170 req/s
    Code (Text):
    head -n1 /usr/local/var/log/siege.log; tail -18 /usr/local/var/log/siege.log
         Date & Time,  Trans,  Elap Time,  Data Trans,  Resp Time,  Trans Rate,  Throughput,  Concurrent,    OKAY,   Failed
    **** nginx-unit-php5631 ****
    2017-09-23 20:10:42,   8279,      29.26,         818,       0.35,      282.95,       27.96,       97.74,    8281,       0
    **** cmm-nginx-php-fpm-5631 ****
    2017-09-23 20:12:25,   4289,      29.33,         439,       0.51,      146.23,       14.97,       74.78,    4303,       0
    **** cmm-nginx-php-fpm-5631-static-pm ****
    2017-09-23 20:16:44,   4834,      29.96,         495,       0.48,      161.35,       16.52,       77.54,    4857,       0
    **** cmm-nginx-php-fpm-5631-dynamic-pm ****
    2017-09-23 20:20:50,   5134,      30.10,         528,       0.45,      170.56,       17.54,       77.22,    5173,       0
    **** cmm-nginx-php-fpm-5631-dynamic-pm-maxchild40-maxspare36 ****
    2017-09-23 20:24:45,   3581,      29.85,         370,       0.60,      119.97,       12.40,       72.45,    3633,       0
    **** cmm-nginx-php-fpm-5631-dynamic-pm-maxchild40-maxspare36-run2 ****
    2017-09-23 20:29:35,   4804,      29.67,         497,       0.37,      161.91,       16.75,       59.66,    4868,       0
    **** nginx-unit-php5631-20-workers ****
    2017-09-23 20:39:22,   6913,      29.89,         683,       0.41,      231.28,       22.85,       94.66,    6914,      95
    **** nginxproxy-unit-php5631-20-workers ****
    2017-09-23 20:49:26,   5182,      29.68,         514,       0.48,      174.60,       17.32,       84.57,    5205,       0
    **** nginxproxy-unit-php5631-10-workers ****
    2017-09-23 20:55:08,   4318,      30.03,         427,       0.60,      143.79,       14.22,       85.98,    4319,       0
    **** nginxproxy-unit-php5631-30-workers ****
    2017-09-23 20:58:20,   3920,      29.79,         387,       0.74,      131.59,       12.99,       97.14,    3920,       0
    
     
  11. rdan

    rdan Well-Known Member

    5,446
    1,408
    113
    May 25, 2014
    Ratings:
    +2,201
    Local Time:
    11:29 AM
    Mainline
    10.2
    From recent benchmark I’ve read.
    That’s one of my todo list to test it myself also.