Protect against random prefix attacks
In order to enable automatic mitigation of random prefix attacks:
Set up DNS Firewall.
Send a
PATCH
request to update your DNS Firewall cluster.curl -X PATCH "https://api.cloudflare.com/client/v4/accounts/<ACCOUNT_ID>/dns_firewall/<CLUSTER_TAG>" \-H "Authorization: Bearer <token>" \-H "Content-Type: application/json" \--data '{"attack_mitigation":{"enabled":true,"only_when_origin_unhealthy":true}}'
Once you receive a 200
success response from the API, queries identified as being part of a random prefix attack will receive a REFUSED
response.