by solardev 1302 days ago
How did the attackers get your origin IP to begin with? I thought Cloudflare was supposed to shield it at the DNS level, and in theory your origin should be dropping all connections not coming from an authenticated Cloudflare proxy?

They weren't able to talk to my origin IP, because when I was using Cloudflare, I blocked at the firewall all IPs that weren't Cloudflare. The problem is that they would DDoS my server through Cloudflare. And because the traffic was being proxied, I couldn't block the attackers without blocking Cloudflare. Unless of course I wanted to fill out a form on their website 9,000 times. It's an awesome website by the way. I love their Workers and R2 products. But Cloudflare honestly isn't that good at DDoS protection. These attacks were so bad that Cloudflare would start showing NGINX error pages before my web app even went down. Cloudflare should be paying me to protect them, rather than the other way around.
Do you have a support ticket # you can email me w/details (pat at cloudflare)?

We take every reported false negative as an opportunity to improve our DDoS mitigations, and these reports are very helpful.

As of a few weeks ago, you can now report FNs/FPs for Bot Mitigation directly in the dashboard, and we'll be expanding this pattern for use with DDoS Mitigation as well.