Cloudflare Can't Save You from a DoS (I Checked)
nullrabbit.aiI actually appreciate the feedback here. I find it personally really challenging to take feedback on and this is part of the journey.
The “I’m under attack” mode you mention is a JavaScript challenge which is Layer 7. It doesn’t help when SYN floods hit your kernel before any HTTP connection is established.
You are probably the first person outside my network to watch the video. Thanks.
The vids are real. I’ve been trying to work out how to better demonstrate this.
AI slop? Most egregiously nonsense part:
> **3. The Layer 7 Limitation** Cloudflare operates primarily at the application layer. Many failures happen deeper in the stack. Aggressive SYN floods, malformed packets, and protocol abuse strike the kernel before an HTTP request is even formed. If your defense relies on parsing HTTP, you have already lost the battle against L3/L4 attacks.
No idea how valid the video is. It could be accurate, it could be entirely simulated, it could be making some kind of simple mistake. (At least there’s a tiny bit more detail in the video description on Vimeo.) Anyway, good time to learn about the blanket “I’m under attack” mode and/or targeted rules.
> **2. The Origin IP Bypass** Cloudflare only protects traffic that proxies through them. If an attacker discovers your origin IP--or if you are running P2P nodes, validators, or RPC services that must expose a public IP--the edge is bypassed entirely. At that point, there is no WAF and no rate limiting. Your network interface is naked.
Revolutionary stuff.