Cloudflare comes with 5 default firewall rules, completely free. The pro version can be used for only 50 yuan per year, for example: Cloudraft.

But having the pro version alone is not enough; you still need to create some rules to protect against CC attacks. It is best to have the CF pro package for your website and enable HTTPS.

Let me briefly share my rules first.

Blocking rules:

Tor is onion routing and can be blocked. Block requests with a threat score greater than or equal to 5. Normal visitors with a low threat score will not trigger this rule, so don't worry about false positives.

CAPTCHA rules:
The first part means blocking HTTPS requests with HTTP version 1, because normal visitors accessing HTTPS use HTTP version 2, and only proxy CC requests will use HTTP version 1. This rule only works if your website has HTTPS enabled.

The user agent part stops some strange user agents. If the threat score is greater than 1, a CAPTCHA will be displayed. Normal browsers and clean IPs will not trigger this rule. The last rule is to prevent IP spoofing.

In addition to setting rules, you also need to configure some other things. For example, HTTP DDoS, set all to maximum:
For automatic programs, only enable JS detection (other features require the enterprise version):
There are also hosting rules; you can click through to see them. They are quite useful strategies.

Cache configuration

Set the cache level to Ignore Query String.

Page rules

You can refer to mine:
The last one is configuring forced HTTPS (redirect on Cloudflare, no need to go back to the origin server). First, in Page Rules -> Transform Rules, create a URL rewrite:
After creating the transform rule, go to Page Rules and set the redirect:
Note that the priority of this page rule must be first.

In theory, after setting the above rules, you should be able to effectively defend against proxy CC attacks. If you encounter botnet CC attacks, you can only enable request rate limiting.
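The blocking and CAPTCHA rules described above can be dry-run against a sample of your own request logs before you enable them, to see which traffic each rule would act on. This is an added example, not the author's Cloudflare configuration: the record fields, the `ODD_UA_MARKERS` values and the sample records are constructed, "HTTP version 1" is assumed to cover HTTP/1.0 and HTTP/1.1, and the IP-spoofing rule is left out because the post does not show its condition.

```python
from collections import Counter

# Assumption: example markers for "strange" user agents; the post does not list its own.
ODD_UA_MARKERS = ("python-requests", "go-http-client")

def decide(req):
    """Return (action, reason) for one request, checking block rules before CAPTCHA rules."""
    if req["tor"]:
        return "block", "tor"
    if req["threat_score"] >= 5:
        return "block", "threat_score>=5"
    # Assumption: "HTTP version 1" covers both HTTP/1.0 and HTTP/1.1.
    if req["scheme"] == "https" and req["version"].startswith("HTTP/1"):
        return "captcha", "http1_over_https"
    ua = req["user_agent"].lower()
    if not ua or any(marker in ua for marker in ODD_UA_MARKERS):
        return "captcha", "user_agent"
    if req["threat_score"] > 1:
        return "captcha", "threat_score>1"
    return "allow", "no_match"

def dry_run(records):
    """Count how many requests each rule would act on."""
    return Counter(decide(r) for r in records)

def rec(version, scheme, ua, score, tor=False):
    # Hypothetical record layout; map your own log fields onto these keys.
    return {"version": version, "scheme": scheme, "user_agent": ua,
            "threat_score": score, "tor": tor}

# Constructed sample records (not real traffic).
SAMPLE = [
    rec("HTTP/2", "https", "Mozilla/5.0 (X11; Linux x86_64) Firefox/126.0", 0),
    rec("HTTP/1.1", "https", "Mozilla/5.0 (Windows NT 10.0) Chrome/125.0", 0),
    rec("HTTP/1.1", "http", "Mozilla/5.0 (Windows NT 10.0) Chrome/125.0", 0),
    rec("HTTP/2", "https", "Go-http-client/2.0", 0),
    rec("HTTP/2", "https", "Mozilla/5.0 (Macintosh) Safari/605.1.15", 3),
    rec("HTTP/2", "https", "Mozilla/5.0 (Macintosh) Safari/605.1.15", 7),
    rec("HTTP/2", "https", "Mozilla/5.0 (X11; Linux x86_64) Firefox/126.0", 0, tor=True),
]

if __name__ == "__main__":
    for (action, reason), count in sorted(dry_run(SAMPLE).items()):
        print(f"{action:8} {reason:18} {count}")
```

Reviewing the `captcha` rows for requests you recognise as legitimate clients shows which rule would need an exception before it goes live.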