Cloudflare protects customers against new record-breaking DDoS attack
HTTP/2 Rapid Reset is a flaw in the HTTP/2 protocol that can be exploited to carry out DDoS attacks.
Because 62% of the Internet traffic we see uses HTTP/2, this is a high severity vulnerability. It has been exploited to create the largest DDoS attack we have ever seen.
If you are using any of these Cloudflare products, you are already protected: CDN, SSL/TLS encryption, HTTP DDoS, WAF, Bot Management, Rate Limiting, API Gateway, or Page Shield.
If you're not using one of these products, Cloudflare can protect you today.
Solutions Engineer, Michiel Appelman explains record-breaking DDoS attack and how we stopped it
Read our press release on the HTTP/2 Rapid Reset attack campaign and Cloudflare’s response
Organizations proxying their HTTP traffic through Cloudflare are automatically protected. The vast majority of organizations using Cloudflare fall into this category.
You are protected if you have deployed any of these Cloudflare services:
If you have HTTP assets or applications that are not behind one of these products, contact Cloudflare or your DDoS protection vendor to learn more.
We’re here to help. Our HTTP/2 Rapid Reset Defense packages protect your organization against HTTP/2 attacks as well as other risks. Priority onboarding available.
With industry peers, Cloudflare helped discover the underlying flaw in late August, 2023. We worked with governments and industry groups to responsibly disclose the vulnerability and attack campaign.
Cloudflare DDoS Protection helps every organization with applications behind Cloudflare, including free customers. Less than 0.0001% of requests served during the attack campaign resulted in errors.
Cloudflare patched our implementation of HTTP/2 to reduce the impact of the exploit on our customers ’ applications.