I don't think free Cloudflare has a usage cap does it?
(My point being it's so easy it probably is 'worth it'? .. Especially after the first time this happens, even if only so you can tell media/bosses/whatever that mitigations have been put in place.)
Is Cloudflare’s free tier available to businesses? My understanding was that it’s for personal and hobby use only.
Airports probably fall under Cloudflare’s “enterprise” tier, which has no billing ceiling (as far as I can tell), even if the bandwidth might be free.
Put another way: I would not want to be the underpaid airport IT guy who has to justify tripling my operational budget because of a DDoS attack that (1) almost never happens, and (2) doesn’t actually affect critical systems.
Last I checked there's no SLA whatsoever until the top-tier "self-serve" plan, and that SLA's not an impressive one.
I've also heard (admittedly, from their competitors, but they turned out to be right about other things) that if your usage gets too crazy they'll encourage you to start paying.
And nb. that 100% of the "self-serve" plans (not the "call us" pricing) specify web traffic, like from a browser. If you're using it for e.g. delivering data to apps you might get away with it, but it's not technically permitted. Again, last I checked.