“I’m broke, but my blog is under attack from some script kiddie in a basement.”
If that sentence describes you, congratulations—you’re in the right place.
This step-by-step guide will show you how to configure Cloudflare free plan anti-CC protection without spending a single dime. No marketing fluff, no affiliate links, just the raw human experience from someone who has had enough of 502 errors.
Table of Contents
- Prerequisites & Hidden IP Check
- Security Level & DDoS Shield
- Rate Limiting Rule (the real anti-CC magic)
- Network Tweaks & Tor Blocking
- Test & Verify It Works
- Bonus: Country-level Firewall
1. Prerequisites & Hidden IP Check
- Domain already orange-clouded inside Cloudflare DNS.
- Real server IP must stay secret.
Change your origin IP after onboarding to Cloudflare, otherwise attackers will bypass CF and hit your box directly (been there, done that).
2. Security Level & DDoS Shield
- Login → Security → Settings
  - Set Security Level to High.
  - Keep Browser Integrity Check ON.
  - Challenge TTL: 15 minutes (5 min during active attacks).
- Security → DDoS → HTTP DDoS Attack Protection
  - Action: Managed Challenge (or Block if you’re 100 % sure).
  - Sensitivity: High.
- Security → Bots → Bot Fight Mode → Enable.
3. Rate Limiting Rule (the real anti-CC magic)
- Security → WAF → Rate limiting rules → Create rule
- Name it “anti-cc-free-plan” or whatever satisfies your inner nerd.
- If incoming requests match…
  - Field: URL Path
  - Operator: contains
  - Value: /
- Then…
  - Action: Block
  - Requests: 50
  - Period: 10 seconds
  - Duration: 10 seconds
- Save & Deploy.
Pro tip: 50 hits in 10 seconds is safe for most blogs; crank it down to 20 if you run a forum and love drama.
4. Network Tweaks & Tor Blocking
- Network → Onion Routing → OFF.
- Network → WebSockets → keep ON only if you need real-time features; otherwise OFF to reduce attack surface.
5. Test & Verify It Works
- Open your site in a browser—should load instantly.
- Use curl -I https://yourdomain.com from a VPS; spam it 60 times in 10 seconds.
You should hit the block page instead of your origin. If not, wait 60 seconds and try again (propagation delay).
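A scripted version of the step 5 check, added here as an example and not part of the original guide. It assumes the rule from step 3 (50 requests per 10 seconds) and that Cloudflare answers a blocked request with HTTP 429 (403 is counted as well); probe, summarize and sample_codes are names made up for this example.

```shell
#!/bin/sh
# Added example: scripted form of the step 5 check.
# Assumptions: the step 3 rule (50 requests / 10 s) and HTTP 429 (or 403)
# as the status Cloudflare returns for a blocked request.
THRESHOLD=50   # "Requests: 50" in the rule
BURST=60       # "spam it 60 times" in step 5

# Send $2 HEAD requests to URL $1 and print one HTTP status code per line.
probe() {
    url=$1; n=$2; i=0
    while [ "$i" -lt "$n" ]; do
        # -w prints only the status code; curl prints 000 if the request failed
        curl -s -I -o /dev/null -m 5 -w '%{http_code}\n' "$url" || true
        i=$((i + 1))
    done
}

# Read status codes on stdin and report where blocking started.
summarize() {
    awk -v limit="$THRESHOLD" '
        { total++ }
        $1 == 429 || $1 == 403 { blocked++; if (!first) first = total; next }
        $1 == "000" { failed++ }
        END {
            if (!first)              verdict = "NOT_BLOCKED"       # rule never fired
            else if (first <= limit) verdict = "BEFORE_THRESHOLD"  # another control answered
            else                     verdict = "OK"
            printf "total=%d blocked=%d failed=%d first_block=%d verdict=%s\n",
                   total, blocked, failed, first, verdict
        }'
}

# Constructed sample (not real traffic): 50 allowed requests, then 10 blocked.
sample_codes() {
    i=0
    while [ "$i" -lt "$BURST" ]; do
        if [ "$i" -lt "$THRESHOLD" ]; then echo 200; else echo 429; fi
        i=$((i + 1))
    done
}

if [ -n "${1:-}" ]; then          # usage: sh check.sh https://yourdomain.com
    start=$(date +%s)
    probe "$1" "$BURST" | summarize
    echo "elapsed=$(( $(date +%s) - start ))s (the burst must fit in the 10 s period)"
else
    sample_codes | summarize      # offline demo on the constructed sample
fi
```

A NOT_BLOCKED verdict with an elapsed time above 10 seconds means the burst was too slow to exceed the rule, not that the rule is broken; BEFORE_THRESHOLD usually points at the challenge settings from step 2 answering first.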
6. Bonus: Country-level Firewall (optional)
If 99 % of your users are from China, Hong Kong and Taiwan, block the rest:
- Security → WAF → Custom rules → Create rule
- Expression:
(ip.geoip.country ne "CN" and ip.geoip.country ne "HK" and ip.geoip.country ne "TW")
- Action: Managed Challenge or Block.
万事屋 (Rei3 Workshop) © 2025. All rights reserved.