I’ve experiencing DDoS attack today and I’ve configured Cloudflare rate limiter, also activated WAF. Cloudflare blocked several hundred thousands request. Unfortunately, my server still experiencing pretty high flood request. I don’t know why it passed Cloudflare, even if I’ve setup rate limiter.
At last I forced to disable Cloudflare proxy and let AWS Web ACL handle it. Did I miss something here? Please help. I really want to use Cloudflare since AWS Web ACL pricing just not suite well with my current financial (small startup).