Protect against random prefix attacks
In order to enable automatic mitigation of random prefix attacks:
Set up DNS Firewall.
Send a
PATCHrequest to update your DNS Firewall cluster.curl --request PATCH "https://api.cloudflare.com/client/v4/accounts/{account_id}/dns_firewall/{cluster_tag}" \--header "Authorization: Bearer <API_TOKEN>" \--header "Content-Type: application/json" \--data '{"attack_mitigation": {"enabled": true,"only_when_upstream_unhealthy": true}}'
Once you receive a 200 success response from the API, queries identified as being part of a random prefix attack will receive a REFUSED response.