Changelog · DDoS Protection

DDoS alerts now available for EU CMB customers

Mon, 03 Jun 2024 08:00:00 EST

DDoS alerts are now available for EU Customer Metadata Boundary (CMB) customers. This includes all DDoS alert type (Standard and Advanced) for both HTTP DDoS attacks and L3/4 DDoS attacks.

DDoS Protection - HTTP DDoS managed ruleset - Scheduled changes for 2024-04-29

Fri, 19 Apr 2024 08:00:00 EST

Announcement Date	Change Date	Rule ID	Description	Previous Action	New Action	Notes
2024-04-19	2024-04-29	`...d2f294d7`	HTTP requests trying to impersonate browsers.	ddos_dynamic	ddos_dynamic	Expand rule to catch more attacks

DDoS Protection - HTTP DDoS managed ruleset - 2024-04-19

Fri, 19 Apr 2024 08:00:00 EST

Rule ID	Description	Previous Action	New Action	Notes
`...154b29a0`	HTTP requests with unusual HTTP headers or URI path (signature #66).	N/A	block

Network Analytics now supported for EU CMB customers

Wed, 17 Apr 2024 08:00:00 EST

The Network Analytics dashboard is available to customers that have opted in to the EU Customer Metadata Boundary (CMB) solution. This also includes Network Analytics Logs (Logpush) and GraphQL API.

API users can ensure they are routed properly by directing their API requests at eu.api.cloudflare.com.

DDoS Protection - HTTP DDoS managed ruleset - 2024-04-16 - Emergency

Tue, 16 Apr 2024 08:00:00 EST

Rule ID	Description	Previous Action	New Action	Notes
`...05ad9070`	HTTP requests with unusual HTTP headers or URI path (signature #64).	N/A	block
`...890b8f4e`	HTTP requests with unusual HTTP headers or URI path (signature #65).	N/A	block

DDoS Protection - HTTP DDoS managed ruleset - 2024-04-04 - Emergency

Thu, 04 Apr 2024 08:00:00 EST

Rule ID	Description	Previous Action	New Action	Notes
...177059f1	HTTP requests from known botnet (signature #31).	log	N/A
...7b231fb2	HTTP requests from known botnet (signature #81).	N/A	block

DDoS Protection - HTTP DDoS managed ruleset - 2024-04-02

Tue, 02 Apr 2024 08:00:00 EST

Rule ID	Description	Previous Action	New Action	Notes
...d2f294d7	HTTP requests trying to impersonate browsers.	ddos_dynamic	ddos_dynamic	Update the rule to match to block attacks more consistently.

DDoS Protection - Network-layer DDoS managed ruleset - 2024-03-12

Tue, 12 Mar 2024 08:00:00 EST

Rule ID	Description	Previous Action	New Action	Notes
...85fa2e98	Adaptive DDoS Protection for UDP Destination Ports (Available only to Enterprise accounts).	N/A	log	Enable rule that uses a customer's UDP destination port profile to mitigate traffic (log mode by default).

DDoS Protection - HTTP DDoS managed ruleset - 2024-02-26 - Emergency

Mon, 26 Feb 2024 08:00:00 EST

Rule ID	Description	Previous Action	New Action	Notes
...6831bff1	HTTP requests with unusual HTTP headers or URI path (signature #35).	block	block	Extend the rule to catch attacks more comprehensively.
...e269dfd6	HTTP requests with unusual HTTP headers or URI path (signature #56).	block	block	Extend the rule to catch attacks more comprehensively.

DDoS Protection - HTTP DDoS managed ruleset - 2024-02-19

Mon, 19 Feb 2024 08:00:00 EST

Rule ID	Description	Previous Action	New Action	Notes
...0fbfd5ae	HTTP requests from known botnet (signature #32).	block	ddos_dynamic
...22807318	HTTP requests from known botnets.	ddos_dynamic	ddos_dynamic	Expand rule logic to catch more attacks.
...3ad719cd	HTTP requests from known botnet (signature #79).	ddos_dynamic	ddos_dynamic	Expand the rule scope to catch more attacks.

DDoS Protection - HTTP DDoS managed ruleset - 2024-02-12

Mon, 12 Feb 2024 08:00:00 EST

Rule ID	Description	Previous Action	New Action	Notes
...c47bdca6	HTTP requests with unusual HTTP headers or URI path (signature #62).	N/A	block

DDoS Protection - HTTP DDoS managed ruleset - 2024-02-08 - Emergency

Thu, 08 Feb 2024 08:00:00 EST

Rule ID	Description	Previous Action	New Action	Notes
...3a679c52	Requests coming from known bad sources.	ddos_dynamic	managed_challenge	Expand the rule to mitigate on all zones.

DDoS Protection - HTTP DDoS managed ruleset - 2024-02-06 - Emergency

Tue, 06 Feb 2024 08:00:00 EST

Rule ID	Description	Previous Action	New Action	Notes
...1fc1e601	HTTP requests with unusual HTTP headers or URI path (signature #31).	block	block	Modify characteristics of the unusual HTTP headers or URI path.
...3a679c52	Requests coming from known bad sources.	N/A	ddos_dynamic
...3ad719cd	HTTP requests from known botnet (signature #79).	ddos_dynamic	ddos_dynamic	Expand the scope of the rule to match more attacks.

DDoS Protection - HTTP DDoS managed ruleset - 2024-02-05 - Emergency

Mon, 05 Feb 2024 08:00:00 EST

Rule ID	Description	Previous Action	New Action	Notes
...22807318	HTTP requests from known botnets.	ddos_dynamic	ddos_dynamic	Extend the rule to catch more attacks.

DDoS Protection - HTTP DDoS managed ruleset - 2024-01-26 - Emergency

Fri, 26 Jan 2024 08:00:00 EST

Rule ID	Description	Previous Action	New Action	Notes
...3ad719cd	HTTP requests from known botnet (signature #79).	N/A	ddos_dynamic
...61bc58d5	HTTP requests with unusual HTTP headers or URI path (signature #55).	managed_challenge	managed_challenge	Expanded the scope of the rule to catch attacks more consistently.

DDoS Protection - HTTP DDoS managed ruleset - 2024-01-25

Thu, 25 Jan 2024 08:00:00 EST

Rule ID	Description	Previous Action	New Action	Notes
...1fc1e601	HTTP requests with unusual HTTP headers or URI path (signature #31).	block	block	Add more characteristics to the unusual HTTP headers or URI path.

DDoS Protection - HTTP DDoS managed ruleset - 2024-01-23

Tue, 23 Jan 2024 08:00:00 EST

Rule ID	Description	Previous Action	New Action	Notes
...1fc1e601	HTTP requests with unusual HTTP headers or URI path (signature #31).	block	block	Add more characteristics to the unusual HTTP headers or URI path.
...2de94fb2	HTTP requests with unusual HTTP headers or URI path (signature #3).	ddos_dynamic	block	Expand rule scope to catch more attacks.
...2f8d9a4f	HTTP requests from known botnet (signature #78).	N/A	block

DDoS Protection - HTTP DDoS managed ruleset - 2024-01-05

Fri, 05 Jan 2024 08:00:00 EST

Rule ID	Description	Previous Action	New Action	Notes
...2de94fb2	HTTP requests with unusual HTTP headers or URI path (signature #3).	block	block	Fine-tune the characteristics of the unusual requests.
...177059f1	HTTP requests from known botnet (signature #31).	block	N/A	Removed due to false positives.
...6fe7a312	HTTP requests from known botnet (signature #70).	block	N/A	Removed due to false positives.
...82c0ed5f	HTTP requests from known botnet (signature #77).	N/A	block
...e4f3ea4d	HTTP requests from known botnet (signature #76).	N/A	block

DDoS Protection - HTTP DDoS managed ruleset - 2023-12-19 - Emergency

Tue, 19 Dec 2023 08:00:00 EST

Rule ID	Description	Previous Action	New Action	Notes
...1fc1e601	HTTP requests with unusual HTTP headers or URI path (signature #31).	block	block	Add more characteristics to the unusual HTTP headers or URI path.
...22807318	HTTP requests from known botnets.	log	ddos_dynamic	Extend the rule to catch more attacks.
...d2f294d7	HTTP requests trying to impersonate browsers.	ddos_dynamic	ddos_dynamic	Change the rule to catch more attacks.

DDoS Protection - HTTP DDoS managed ruleset - 2023-12-14 - Emergency

Thu, 14 Dec 2023 08:00:00 EST

Rule ID	Description	Previous Action	New Action	Notes
...6fe7a312	HTTP requests from known botnet (signature #70).	block	block	Tweak the rule to avoid false positives in some rare cases.

DDoS Protection - HTTP DDoS managed ruleset - 2023-12-08 - Emergency

Fri, 08 Dec 2023 08:00:00 EST

Rule ID	Description	Previous Action	New Action	Notes
...6fe7a312	HTTP requests from known botnet (signature #70).	block	block	Updated the rule to avoid false positives in some rare circumstances.
...e7a37252	HTTP requests from known botnet (signature #75).	N/A	block

DDoS Protection - HTTP DDoS managed ruleset - 2023-11-29

Wed, 29 Nov 2023 08:00:00 EST

Rule ID	Description	Previous Action	New Action	Notes
...8ed59b32	HTTP requests with unusual HTTP headers or URI path (signature #61).	ddos_dynamic	ddos_dynamic	Rename rule to avoid confusion.
...61e8d513	Global L7 WordPress attack mitigations (Deprecated)	ddos_dynamic	ddos_dynamic	Mark rule as deprecated.

DDoS Protection - HTTP DDoS managed ruleset - 2023-11-22

Wed, 22 Nov 2023 08:00:00 EST

Rule ID	Description	Previous Action	New Action	Notes
...254da96a	HTTP requests with unusual HTTP headers or URI path (signature #58).	log	block

DDoS Protection - HTTP DDoS managed ruleset - 2023-11-13 - Emergency

Mon, 13 Nov 2023 08:00:00 EST

Rule ID	Description	Previous Action	New Action	Notes
...22807318	HTTP requests from known botnets.	ddos_dynamic	ddos_dynamic	Improve this filter to catch more attacks.
...6fe7a312	HTTP requests from known botnet (signature #70).	block	block
...7c7a2f25	HTTP requests from known botnet (signature #74).	N/A	block
...d2f294d7	HTTP requests trying to impersonate browsers.	ddos_dynamic	ddos_dynamic

DDoS Protection - HTTP DDoS managed ruleset - 2023-11-10 - Emergency

Fri, 10 Nov 2023 08:00:00 EST

Rule ID	Description	Previous Action	New Action	Notes
...7d0f1e5f	HTTP requests from known botnet (signature #72).	N/A	block
...94547a95	HTTP requests with unusual HTTP headers or URI path (signature #59).	N/A	ddos_dynamic
...e269dfd6	HTTP requests with unusual HTTP headers or URI path (signature #56).	log	block	Enable filter early to mitigate widespread impact.
...f35a42a0	HTTP requests with unusual HTTP headers or URI path (signature #57).	log	block	Enable filter early to mitigate widespread impact.

DDoS Protection - HTTP DDoS managed ruleset - 2023-10-19

Thu, 19 Oct 2023 08:00:00 EST

Rule ID	Description	Previous Action	New Action	Notes
...61bc58d5	HTTP requests with unusual HTTP headers or URI path (signature #55).	ddos_dynamic	ddos_dynamic	Requests will be challenged by default, larger attacks are blocked.

DDoS Protection - HTTP DDoS managed ruleset - 2023-10-11

Wed, 11 Oct 2023 08:00:00 EST

Rule ID	Description	Previous Action	New Action	Notes
...35675e08	HTTP requests with unusual HTTP headers or URI path (signature #24).	block	block	This rule can cause rare false positives with custom apps sending invalid headers.

DDoS Protection - HTTP DDoS managed ruleset - 2023-10-09 - Emergency

Mon, 09 Oct 2023 08:00:00 EST

Rule ID	Description	Previous Action	New Action
...02bbdce1	HTTP requests with unusual HTTP headers or URI path (signature #47).	N/A	block
...493cb8a8	HTTP requests with unusual HTTP headers or URI path (signature #52).	N/A	block
...5c344623	HTTP requests from uncommon clients	N/A	block
...6363bb1b	HTTP requests with unusual HTTP headers or URI path (signature #48).	N/A	block
...c1fbd175	HTTP requests trying to impersonate browsers (pattern #4).	N/A	block

DDoS Protection - HTTP DDoS managed ruleset - 2023-09-24 - Emergency

Sun, 24 Sep 2023 08:00:00 EST

Rule ID	Description	Previous Action	New Action	Notes
...0fb54442	HTTP requests with unusual HTTP headers or URI path (signature #49).	N/A	block
...3dd5f188	HTTP requests from known botnet (signature #71).	N/A	block
...97003a74	HTTP requests with unusual HTTP headers or URI path (signature #17).	block	block	Expand rule to catch more attacks.

DDoS Protection - HTTP DDoS managed ruleset - 2023-09-21 - Emergency

Thu, 21 Sep 2023 08:00:00 EST

Rule ID	Description	Previous Action	New Action	Notes
...1d73128d	HTTP requests from known botnet (signature #56).	block	block	Make the rule customizable as it might cause false positive in rare cases.
...4a95ba67	HTTP requests with unusual HTTP headers or URI path (signature #32).	ddos_dynamic	ddos_dynamic	Expand the scope of the rule to catch more attacks.
...6fe7a312	HTTP requests from known botnet (signature #70).	block	block	Update the rule to remove some rare false positives.

DDoS Protection - HTTP DDoS managed ruleset - 2023-09-05 - Emergency

Tue, 05 Sep 2023 08:00:00 EST

Rule ID	Description	Previous Action	New Action	Notes
...22807318	HTTP requests from known botnets.	ddos_dynamic	ddos_dynamic	Expand filter to catch attacks more comprehensively.
...4346874d	HTTP requests with unusual HTTP headers or URI path (signature #46).	N/A	block
...6fe7a312	HTTP requests from known botnet (signature #70).	N/A	block	Expand filter to catch more attacks. It is now configurable.

DDoS Protection - HTTP DDoS managed ruleset - 2023-08-30 - Emergency

Wed, 30 Aug 2023 08:00:00 EST

Rule ID	Description	Previous Action	New Action	Notes
...22807318	HTTP requests from known botnets.	ddos_dynamic	ddos_dynamic
...46082508	HTTP requests with unusual HTTP headers or URI path (signature #45).	N/A	block

DDoS Protection - HTTP DDoS managed ruleset - 2023-08-29 - Emergency

Tue, 29 Aug 2023 08:00:00 EST

Rule ID	Description	Previous Action	New Action	Notes
...22807318	HTTP requests from known botnets.	managed_challenge	ddos_dynamic
...3fe55678	HTTP requests with unusual HTTP headers or URI path (signature #44).	N/A	block

DDoS Protection - HTTP DDoS managed ruleset - 2023-08-25 - Emergency

Fri, 25 Aug 2023 08:00:00 EST

Rule ID	Description	Previous Action	New Action	Notes
...20c5afb5	HTTP requests with unusual HTTP headers or URI path (signature #36).	block	block	This rule was previously readonly, but can cause false positives in rare cases. It is now possible to override it.
...cb26e2e2	HTTP requests from known botnet (signature #69).	N/A	block
...ebff5ef1	HTTP requests with unusual HTTP headers or URI path (signature #43).	N/A	block

DDoS Protection - HTTP DDoS managed ruleset - 2023-08-16 - Emergency

Wed, 16 Aug 2023 08:00:00 EST

Rule ID	Description	Previous Action	New Action	Notes
...9721fd20	HTTP requests trying to impersonate browsers (pattern #3).	N/A	ddos_dynamic

DDoS Protection - HTTP DDoS managed ruleset - 2023-08-14

Mon, 14 Aug 2023 08:00:00 EST

Rule ID	Description	Previous Action	New Action	Notes
...22807318	HTTP requests from known botnets.	ddos_dynamic	managed_challenge	Expand the filter to catch more attacks.
...d2f294d7	HTTP requests trying to impersonate browsers.	ddos_dynamic	ddos_dynamic	Expand the filter to catch more attacks.

DDoS Protection - HTTP DDoS managed ruleset - 2023-08-11 - Emergency

Fri, 11 Aug 2023 08:00:00 EST

Rule ID	Description	Previous Action	New Action
...1de9523e	HTTP requests with unusual HTTP headers or URI path (signature #41).	N/A	block
...22807318	HTTP requests from known botnets.	managed_challenge	ddos_dynamic
...aa03a345	HTTP requests from known botnet (signature #68).	N/A	block
...efca86eb	HTTP requests from known botnet (signature #66).	N/A	block
...f93fb5d6	HTTP requests from known botnet (signature #67).	N/A	block

DDoS Protection - HTTP DDoS managed ruleset - 2023-07-31

Mon, 31 Jul 2023 08:00:00 EST

Rule ID	Description	Previous Action	New Action	Notes
...9aec0913	HTTP requests from known botnet (signature #52).	block	block	Expose existing read-only filter publicly as it might cause false positives in rare cases.
...c5f479f0	HTTP requests from known botnet (signature #62).	N/A	block
...d0e36f9c	HTTP requests from known botnet (signature #63).	N/A	block

DDoS Protection - Network-layer DDoS managed ruleset - 2023-07-31

Mon, 31 Jul 2023 08:00:00 EST

Rule ID	Description	Previous Action	New Action	Notes
...aa772b5c	Adaptive DDoS Protection for Location-Based UDP (Available only to Enterprise accounts).	N/A	log	Enable UDP geolocation Adaptive DDoS rule

DDoS Protection - Network-layer DDoS managed ruleset - 2023-04-17

Mon, 17 Apr 2023 08:00:00 EST

Previously, only a subset of rules were exposed publicly. In rare situations, these rules can cause false positives. When this happens, you can customize their behavior using overrides.

Besides these rules, the DDoS managed rules contain other rules that do not cause issues. Until now, these rules were not shown in the dashboard or referenced in the documentation.

Cloudflare now shows all rules in the dashboard, including these high-confidence rules. This means that packets matching these rules will now have the correct rule identifier. The newly published rules are read-only and you cannot disable them.

DDoS Protection - Network-layer DDoS managed ruleset - 2022-12-02

Fri, 02 Dec 2022 08:00:00 EST

Rule ID	Description	Previous Action	New Action	Notes
...58e4914a	Adaptive DDoS Protection for UDP (Available only to Enterprise accounts).	log	log	Lower sensitivity to avoid false positives
...76d5e15c	Adaptive DDoS Protection for Other IPv6 Protocols (Available only to Enterprise accounts).	log	log	Lower sensitivity to avoid false positives
...8de83ef6	Adaptive DDoS Protection for IPv6 GRE (Available only to Enterprise accounts).	log	log	Lower sensitivity to avoid false positives
...938e978c	Adaptive DDoS Protection for IPv6 ESP (Available only to Enterprise accounts).	log	log	Lower sensitivity to avoid false positives
...9c173480	Adaptive DDoS Protection for ICMP (Available only to Enterprise accounts).	log	log	Lower sensitivity to avoid false positives
...ad8078b8	Adaptive DDoS Protection for IPv4 GRE (Available only to Enterprise accounts).	log	log	Lower sensitivity to avoid false positives
...ae3f5e4e	Adaptive DDoS Protection for ICMPv6 (Available only to Enterprise accounts).	log	log	Lower sensitivity to avoid false positives
...c7dc52df	Adaptive DDoS Protection for Other IPv4 Protocols (Available only to Enterprise accounts).	log	log	Lower sensitivity to avoid false positives
...e4e7541c	Adaptive DDoS Protection for IPv4 ESP (Available only to Enterprise accounts).	log	log	Lower sensitivity to avoid false positives