(When) does CloudFlare drop the IP masquerading?

bitswitch

There are stories out there that CloudFlare would drop (=change the DNS entry to the actual host) the IP masquerading / proxying for free plans if there are attacks exceeding a certain threshold.

Is there any truth in that (or was there)? And if so, are there any details/parameters known of the required circumstances to drop it? I couldnt find any such information on their site.

Thanks.

Wicked

This happened to me a few years ago so I ended up switching to their $200/m plan for a while. It was huge attacks for multiple hours daily.

In the end I switched to Sucuri for $10/month and it did the same job as the business plan. But today most of my sites are on the Cloudflare Free plan.

From a Cloudflare emplyee:

"I can't give a number (GPBS, etc.), unfortunately. We only route the domain direct if the attack is causing performance issues for other customers.

Note: Putting a customer direct temporarily is quite rare & we do send an email notification when this action is taken."

Edmond

@Wicked said:
This happened to me a few years ago so I ended up switching to their $200/m plan for a while. It was huge attacks for multiple hours daily.

In the end I switched to Sucuri for $10/month and it did the same job as the business plan. But today most of my sites are on the Cloudflare Free plan.

From a Cloudflare emplyee:

"I can't give a number (GPBS, etc.), unfortunately. We only route the domain direct if the attack is causing performance issues for other customers.

Note: Putting a customer direct temporarily is quite rare & we do send an email notification when this action is taken."

Wonder if it's a option if they just drop the dns record temporarily, because some hosters get mad when they get a ddos attack and may not just null route, may suspend for it.

William

That is a dumb hoster then though.

Chain Voxility behind it and problem solved, or someone you know that nulls automatic (Leaseweb, Nforce, OVH, Softlayer...)

Edmond

@William said:
That is a dumb hoster then though.

Chain Voxility behind it and problem solved, or someone you know that nulls automatic (Leaseweb, Nforce, OVH, Softlayer...)

Well Voxility does cost money, but if your getting attacks daily, probably would be a good idea.

teamacc

@William said:
That is a dumb hoster then though.

Chain Voxility behind it and problem solved, or someone you know that nulls automatic (Leaseweb, Nforce, OVH, Softlayer...)

Even with a nullrouting provider your origin ip will be exposed. Next day, when CF reinstates their proxying, attackers will probably target the origin ip instead, bypassing CF entirely

William

teamacc said: Even with a nullrouting provider your origin ip will be exposed. Next day, when CF reinstates their proxying, attackers will probably target the origin ip instead, bypassing CF entirely

Which, if you have solid protection (Hetzner, OVH, Voxility...) does not matter either, unless you get L7, which means you need your own filtering regardless of CF anyway.

Edmond said: Well Voxility does cost money, but if your getting attacks daily, probably would be a good idea.

• Pay for protection

• Pay for CF

Choices are limited, you will pay in the end...

Edmond

@teamacc said:

@William said:
That is a dumb hoster then though.

Chain Voxility behind it and problem solved, or someone you know that nulls automatic (Leaseweb, Nforce, OVH, Softlayer...)

Even with a nullrouting provider your origin ip will be exposed. Next day, when CF reinstates their proxying, attackers will probably target the origin ip instead, bypassing CF entirely

Which is why it's probably better to drop the DNS record and basically null route the traffic.

bitswitch

@Wicked said:
From a Cloudflare emplyee:

"I can't give a number (GPBS, etc.), unfortunately. We only route the domain direct if the attack is causing performance issues for other customers.

Note: Putting a customer direct temporarily is quite rare & we do send an email notification when this action is taken."

So no official statement or rules from their side?!