[DDoS Protection] Update DDoS FAQ#27884
Merged
patriciasantaana merged 2 commits intoproductionfrom Jan 27, 2026
Merged
Conversation
Contributor
|
This pull request requires reviews from CODEOWNERS as it changes files that match the following patterns:
|
Contributor
|
Preview URL: https://881a065a.preview.developers.cloudflare.com Files with changes (up to 15) |
pedrosousa
approved these changes
Jan 26, 2026
| In the case of a Slowloris attack, the attacker sends incomplete HTTP header lines, thus never completing the HTTP request. The server waits for the complete request, holding the connection open. The attacker periodically sends additional HTTP header fields or partial lines to keep the connection alive. This can be achieved by sending partial HTTP headers, or using the `content-length` header to declare a message body size larger than what is actually sent. | ||
|
|
||
| The best practice to defend against low and slow attacks is by using an HTTP reverse proxy, such as Cloudflare's [CDN](/fundamentals/concepts/how-cloudflare-works/) or [WAF](/waf/) service. The reverse proxy acts as a shield. It waits for a full HTTP request before forwarding it to the origin, serving from cache, or applying other actions based on user configuration. If you are using our CDN/WAF services, our L7 reverse proxy will absorb low and slow attacks. It will buffer uploads at the edge by default. The proxy will wait for the full HTTP request before passing it on. The client requests must be completed. | ||
| The best practice to defend against low and slow attacks is by using an HTTP reverse proxy, such as Cloudflare's [CDN](/fundamentals/concepts/how-cloudflare-works/) or [WAF](/waf/) service. The reverse proxy acts as a shield. It waits for a full HTTP request before forwarding it to the origin, serving from cache, or applying other actions based on user configuration. You can configure your zone so that requests are buffered by Cloudflare, which will absorb low and slow attacks. Our proxy waits for the full HTTP request before passing it on. To enable buffered requests, refer to [Request Body Buffering](/rules/configuration-rules/settings/#request-body-buffering). |
Contributor
There was a problem hiding this comment.
Note: This link requires that we merge #27876 first.
patriciasantaana
deleted the
patricia/pcx19592-buffered-upload-default
branch
MattieTK
pushed a commit
that referenced
this pull request
Jan 28, 2026
* request body buffering * wording
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Include info about request body buffering to low and slow ddos attack FAQ
Documentation checklist