My app has been running fine for a while, and just started getting DDoS'ed. I took a look at the IPs, and they all originate from CloudFlare. This either means that CloudFlare is DDoSing me (ins't this illegal?) OR, someone is using CloudFlare as a proxy in order to DDoS my app, but why wouldn't CloudFlare catch this?
Verify you don't have any page rules or anything in your traffic tab/A records combo that could be basically creating a super loop. I once accidentally took down 800 websites by setting up a super infinite DNS/Page Forwarding loop. It was horrible, I thought I was getting attacked, but turned out I just messed up some page forwarding.