Cloudflare detects the DDOS and will block it, notifying you by email. We almost never use the Under Attack Mode unless it's actually affecting us.
The biggest thing we do to help ourselves when we're under attack is making sure that the pages being ddosed (homepage, etc) is being cached by them. There will always be some requests that CF doesnt block, so the cache ensures they get served by them.
> The biggest thing we do to help ourselves when we're under attack is making sure that the pages being ddosed (homepage, etc) is being cached by them.
What about pages which can't be cached? For example an updated comment feed? How would you deal with dynamic data?
People who DDOS sites usually attack the homepage.
If they attack a dynamic page, check if you can cache them for 30 or 60 seconds. Pretty close to real time.
If you have cookie based authentication for those pages, its going to be difficult to cache them at all though. Which is where SPAs come in useful since auth is client side.
The biggest thing we do to help ourselves when we're under attack is making sure that the pages being ddosed (homepage, etc) is being cached by them. There will always be some requests that CF doesnt block, so the cache ensures they get served by them.