All Cloudflare plans offer unlimited and unmetered mitigation of DDoS attacks. Customers are not charged for attack traffic ever, period. There’s no penalty for spikes due to attack traffic, requiring no chargeback by the customer.
Easily onboard your web applications within minutes from the dashboard or the API. Adding other Cloudflare security, performance, and reliability functionality is as easy as flipping a switch.
With over 192 Tbps of network capacity and a global network that’s constantly learning from the millions of Internet properties on it, Cloudflare protects you against the largest and most sophisticated attacks.
According to Forrester, "Cloudflare protects against DDoS from the edge, and fast," and that "customer references view Cloudflare’s edge network as a compelling way to protect and deliver applications."
Cloudflare centralized and decentralized mitigation systems work in concert to identify and mitigate most DDoS attacks in under 10 seconds (3 seconds on average). Preconfigured static rules are deployed in less than 1 second.
It’s been really impressive to see how Cloudflare’s DDoS mitigation continues to evolve and morph, and it’s definitely the best DDoS mitigation we’ve ever had. It’s easy. It’s a no-brainer.
Jason Smale
Vice President of Engineering
With a simple change to your DNS settings, you can onboard your website to Cloudflare within minutes. Cloudflare’s globally distributed anycast network routes visitor requests to the nearest Cloudflare data center.
When Cloudflare’s edge data centers receive a request, they scan it to see if the visitor appears to be a threat, using criteria such as HTTP headers, user agent, query string, path, host, HTTP method, HTTP version, TLS cipher version, and request rate. We also look at HTTP response metrics such as error codes returned by customers’ origin servers.
Our global and local DoS mitigation systems work in concert to protect new and existing threats of any size or kind against your website.
Any resources that are already cached are served from Cloudflare’s data centers directly. Other client request traffic is sent to your origin server over Cloudflare’s high-performance network.
Cloudflare’s DDoS protection is designed to integrate and operate seamlessly with other security and performance products including Web Application Firewall, Bot Management, Load Balancer, CDN, and more.
Cloudflare’s built-in analytics give you deeper insights into your traffic patterns, threats observed (and blocked), and much more right from the dashboard or via the Cloudflare GraphQL API. Cloudflare logs can also be integrated with third-party SIEMs.