This is a simple Python script designed to detect timeouts and enable Cloudflare custom WAF rules. The script was created to help users who prefer to have their Cloudflare WAF off when not needed.
- Cloudflare free plan
- Another server with SSH access to host the script (you can also host it on the same server, but it's not recommended)
- Python installed on that server
- The requests and ping3 Python packages installed on that server
Q: How does it work?
A: The script sends a request every second to detect timeouts (default timeout is 5 seconds). When a request times out, it pings the server IP to check if the server is up. If the server is down, it waits for 60 minutes and repeats the process. If the server answers the ping but requests are still timing out, the script treats this as a potential DDoS attack and uses the Cloudflare API to update WAF rules (examples provided in the code). After 60 minutes, it turns off the Cloudflare rules.
Q: Is it tested and functional?
A: Yes, it works effectively with a stable hosting provider. If your hosting provider experiences instability, the script might trigger itself even without a DDoS attack.
Q: Can I customize the DDoS detection method?
A: Yes, you can modify the script to use your own DDoS detection method. The provided timeout-based method is effective for stable VPS setups.
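The decision loop from the "How does it work?" answer, as an added sketch that is not the script's own code. The probes are passed in as callables so a different detection method can be swapped in; `Watchdog`, `replay`, `set_waf` and `SAMPLES` are hypothetical names, and `set_waf` stands in for the Cloudflare API call.

```python
import time
from dataclasses import dataclass
from typing import Callable

HOLD_SECONDS = 60 * 60  # page: wait, or keep the rules on, for 60 minutes

@dataclass
class Watchdog:
    http_ok: Callable[[], bool]       # True if the site answered within the 5 s timeout
    ping_ok: Callable[[], bool]       # True if the server IP answered the ping
    set_waf: Callable[[bool], None]   # hypothetical wrapper around the Cloudflare API update
    clock: Callable[[], float] = time.monotonic
    waf_on: bool = False
    hold_until: float = 0.0

    def tick(self) -> str:
        """One pass of the once-per-second loop; returns what happened."""
        now = self.clock()
        if now < self.hold_until:          # inside a 60-minute hold: do nothing
            return "holding"
        if self.waf_on:                    # hold expired: turn the rules back off
            self.set_waf(False)
            self.waf_on = False
            return "waf_disabled"
        if self.http_ok():
            return "healthy"
        self.hold_until = now + HOLD_SECONDS
        if not self.ping_ok():             # host itself is down, not an attack
            return "server_down"
        self.set_waf(True)                 # host pings but HTTP times out
        self.waf_on = True
        return "waf_enabled"

# Constructed samples: (seconds, http_ok, ping_ok)
SAMPLES = [(0, True, True), (1, False, True), (2, False, True),
           (3601, True, True), (3602, True, True),
           (3603, False, False), (3604, False, False), (7203, True, True)]

def replay(samples):
    """Feed constructed samples through a Watchdog; return (events, WAF calls)."""
    state, calls = {}, []
    wd = Watchdog(lambda: state["http"], lambda: state["ping"],
                  calls.append, clock=lambda: state["t"])
    events = []
    for t, http, ping in samples:
        state.update(t=t, http=http, ping=ping)
        events.append(wd.tick())
    return events, calls

if __name__ == "__main__":
    print(replay(SAMPLES))
```

A single timed-out request is enough to enable the rules here, which is why an unstable host can trigger it without an attack.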
High CPU usage during server downtime:
Normal CPU usage during non-attack period:
Cloudflare dashboard showing requests:
- Uptime Kuma
- Grafana integrated with Prometheus