New on LowEndTalk? Please Register and read our Community Rules.
(When) does CloudFlare drop the IP masquerading?
There are stories out there that CloudFlare would drop (=change the DNS entry to the actual host) the IP masquerading / proxying for free plans if there are attacks exceeding a certain threshold.
Is there any truth in that (or was there)? And if so, are there any details/parameters known of the required circumstances to drop it? I couldn't find any such information on their site.
Thanks.
Comments
This happened to me a few years ago so I ended up switching to their $200/m plan for a while. It was huge attacks for multiple hours daily.
In the end I switched to Sucuri for $10/month and it did the same job as the business plan. But today most of my sites are on the Cloudflare Free plan.
From a Cloudflare employee:
"I can't give a number (Gbps, etc.), unfortunately. We only route the domain direct if the attack is causing performance issues for other customers.
Note: Putting a customer direct temporarily is quite rare & we do send an email notification when this action is taken."
Wonder if it's an option if they just drop the DNS record temporarily, because some hosters get mad when they get a DDoS attack and may not just null route, may suspend for it.
That is a dumb hoster then though.
Chain Voxility behind it and problem solved, or someone you know that nulls automatically (Leaseweb, Nforce, OVH, Softlayer...).
Well, Voxility does cost money, but if you're getting attacks daily, it would probably be a good idea.
Even with a nullrouting provider your origin IP will be exposed. Next day, when CF reinstates their proxying, attackers will probably target the origin IP instead, bypassing CF entirely.
Which, if you have solid protection (Hetzner, OVH, Voxility...) does not matter either, unless you get L7, which means you need your own filtering regardless of CF anyway.
Pay for protection
Pay for CF
Choices are limited, you will pay in the end...
Which is why it's probably better to drop the DNS record and basically null route the traffic.
So no official statement or rules from their side?!