DDoS attack over?
No, but for now I'm successfully filtering it.
Has Cloudflare had an effect on DDOS attacks at all? I'm guessing there's been a few attempts since it was introduced, but we haven't noticed. I haven't used cloudflare, but I assume they let you know if there is an unusual amount of traffic happening?
CF stops all sub-layer-7 attacks, which is somewhat useful. But I was doing pretty well at stopping those on my own. What caused me to switch to Cloudflare in the first place was tens of thousands of IPs doing things which seemed indistinguishable from real-world traffic. For those layer-7 attacks, Cloudflare has been a mixed bag.
First of all, I can enable the "checking your browser" thing, and that stops almost all attacker traffic. But that also breaks noscript browsers and bots, so I don't like to do it too much. Skilled attackers can also sometimes get through that, though I think that it does require a proof-of-work.
Cloudflare is honestly not very good at detecting attack traffic. You'd think that they'd be able to detect things like a huge influx of IPs that are not the regular visitors, or IPs that are not used for regular traffic on
any of CF's sites, or a bunch of weird request patterns that have never been done before in the history of the site. I feel like
I'd be able to write this kind of general detection code if I had a year to dedicate to it, and I'm not a giant corporation. So that's a disappointment. But nobody else is better AFAIK. I talked to Incapsula at length, and their tech is AFAICT basically the same as Cloudflare, but a lot more expensive.