Source from repo

Cloudflare Platform Skill

Comprehensive Cloudflare platform skill covering Workers, D1, R2, KV, AI, Durable Objects, and security.

cloudflareGitHub cloudflareSource repo Original GitHub link Publisher page

Files

321

Skill

n/a

Size

1.4 MB

Entrypoint

SKILL.md

Format

git-repo

Open file

references/ddos/configuration.md

Syntax-highlighted preview of this file as included in the skill package.

Rendered Source

markdown94 linesFree

references/ddos/configuration.md

1# DDoS Configuration
2 
3## Dashboard Setup
4 
51. Navigate to Security > DDoS
62. Select HTTP DDoS or Network-layer DDoS
73. Configure sensitivity & action per ruleset/category/rule
84. Apply overrides with optional expressions (Enterprise Advanced)
95. Enable Adaptive DDoS toggle (Enterprise/Enterprise Advanced, requires 7 days traffic history)
10 
11## Rule Structure
12 
13```typescript
14interface DDoSOverride {
15  description: string;
16  rules: Array<{
17    action: "execute";
18    expression: string; // Custom expression (Enterprise Advanced) or "true" for all
19    action_parameters: {
20      id: string; // Managed ruleset ID (discover via api.md)
21      overrides: {
22        sensitivity_level?: "default" | "medium" | "low" | "eoff";
23        action?: "block" | "managed_challenge" | "challenge" | "log"; // log = Enterprise Advanced only
24        categories?: Array<{
25          category: string; // e.g., "http-flood", "udp-flood"
26          sensitivity_level?: string;
27        }>;
28        rules?: Array<{
29          id: string;
30          action?: string;
31          sensitivity_level?: string;
32        }>;
33      };
34    };
35  }>;
36}
37```
38 
39## Expression Availability
40 
41| Plan | Custom Expressions | Example |
42|------|-------------------|---------|
43| Free/Pro/Business | ✗ | Use `"true"` only |
44| Enterprise | ✗ | Use `"true"` only |
45| Enterprise Advanced | ✓ | `ip.src in {...}`, `http.request.uri.path matches "..."` |
46 
47## Sensitivity Mapping
48 
49| UI | API | Threshold |
50|----|-----|-----------|
51| High | `default` | Most aggressive |
52| Medium | `medium` | Balanced |
53| Low | `low` | Less aggressive |
54| Essentially Off | `eoff` | Minimal mitigation |
55 
56## Common Categories
57 
58- `http-flood`, `http-anomaly` (L7)
59- `udp-flood`, `syn-flood`, `dns-flood` (L3/4)
60 
61## Override Precedence
62 
63Multiple override layers apply in this order (higher precedence wins):
64 
65```
66Zone-level > Account-level
67Individual Rule > Category > Global sensitivity/action
68```
69 
70**Example**: Zone rule for `/api/*` overrides account-level global settings.
71 
72## Adaptive DDoS Profiles
73 
74**Availability**: Enterprise, Enterprise Advanced  
75**Learning period**: 7 days of traffic history required
76 
77| Profile Type | Description | Detects |
78|--------------|-------------|---------|
79| **Origins** | Traffic patterns per origin server | Anomalous requests to specific origins |
80| **User-Agents** | Traffic patterns per User-Agent | Malicious/anomalous user agent strings |
81| **Locations** | Traffic patterns per geo-location | Attacks from specific countries/regions |
82| **Protocols** | Traffic patterns per protocol (L3/4) | Protocol-specific flood attacks |
83 
84Configure by targeting specific adaptive rule IDs via API (see api.md#typed-override-examples).
85 
86## Alerting
87 
88Configure via Notifications:
89- Alert types: `http_ddos_attack_alert`, `layer_3_4_ddos_attack_alert`, `advanced_*` variants
90- Filters: zones, hostnames, RPS/PPS/Mbps thresholds, IPs, protocols
91- Mechanisms: email, webhooks, PagerDuty
92 
93See [api.md](./api.md#alert-configuration) for API examples.
94

Preparing the source view

Cloudflare Platform Skill

references/ddos/configuration.md