Targeted(motivated) DDoS mitigation strategies — CloudFlare Super bot fighting mode

Published on October 09, 2023 By Vedran Jakovac
📖 Originally published at vedranjakovac.com
Also available on Medium with canonical link back to this article.

Targeted(motivated) DDoS mitigation strategies — CloudFlare Super bot fighting mode

In recent times, we have been witnessing a rise in targeted attacks that are aimed at specific websites or organizations. The difference between regular attacks and targeted(motivated) is that targeted attacks can seek to exploit various aspects of a website

Smaller and mid-sized businesses are vulnerable to modern DDoS attacks that can bypass CloudFlare’s filters, causing unwanted downtimes and increased costs.

One of most popular ways to start mitigating this is via Super Bot Fight Mode option in CloudFlare.

Most important configuration options are

super bot fighting mode configuration

1. Definitely automate — set to “Managed Challenge”. This will ensure that all bots recognized by Cloudflare will be challenged by Cloudflare protection.

2. Verfied bots — set to “Allow”. This option will make sure to allow all bots coming from recognized places and be allowed to access the website (this is usually needed for automatization and integration with other websites and SaaS providers). One important caveat though is that not all providers are recognized and quite often this option will not end up allowing, but will instead filter out legitimate requests coming also from well known providers ( I experienced this to be happening also for requests incoming from eBay, PayPal and such) so it is important to be careful onwards, monitor closely and put necessary exceptions for those.

Article image

3. Javascript Detections — turn “On” — this will help with bots trying to fake real users by inserting small javascript in every page. Keep this on for extra safety and additional improvement in bot fighting.

All of these are important prerequisites for efficient DDoS protection and starting points to start protecting your website. From there on it is crucial to monitor what is happening with traffic and which events are getting filtered out, as well to try to avoid as many false positives as possible until they are all sorted out.
Filtered events can be found in the WAF — Events tab of Cloudflare menu.

Good luck!

Facing DDoS Attacks or Need Infrastructure Help?

Don't wait for the next attack or infrastructure issue. Get expert help with DDoS mitigation, AWS optimization, and security hardening.

Get Expert Help Now