Can we filter and block requests in Cloudflare that are incorrect or non-standard, or appear unlikely often from the same IP address, even if they are correct?
I am particularly interested in filtering requests with regular expressions and the ability to block IPs of wrong requests, or at least to automaticly response them with the 400 Bad Request response code, as it is possible using mod_security in the Apache server.
The second important thing is the ability to filter out extremely frequent requests that appear from the same IP address (even if they are correct). For example, I would like to be able to block IP addresses at the Cloudflare level, which have made more than 1000 requests per minute.
Does Cloudflare give us such an opportunity?
If so, what conditions do I have to meet and where can I do it in the Cloudflare panel? If possible, please give me precise guidelines.
All this matters in the context of defense against DDOS attacks.
I am a programmer who needs to implement a solution to protect against DDOS attacks. So far my program written in Python has used the Apache access_log in combination with Apache mod_security and other services such as firewall.
Now I have the opportunity to use Cloudflare and that's why I'm asking.
Maybe, thanks to Cloudflare, I will turn out my program, because it will be unnecessary and the solution will be able to do exactly the same as now, but at an earlier stage (the request will not reach the web server), but maybe (depending on the answer), I will have to stay the old way, or maybe I will be able to slightly improve the program and consumption of web server resources by eliminating it with mod_security or in some other way.
I am asking for help and advice.
Thank you in advance!
filtering requests with regular expressions
Use Firewall Rules.
ability to filter out extremely frequent requests that appear from the same IP address
Use Rate-Limiting.
please give me precise guidelines.
Contact Cloudflare Support for specific configuration to meet your requirements.