There are two circumstances where it will appear that Cloudflare is attacking you, when Cloudflare

would not be sending any attack traffic at all.

1.    You're a Cloudflare customer with a domain on Cloudflare. Since we are a reverse proxy for sites


  using our service, our IPs are going to show in your server logs until you install something on your


  server to restore original visitor IP (mod_cloudflare for Apache servers, for example).

  Solutions for Apache, Nginx & other servers.



2.    You're getting attacks from Cloudflare's IPs because they are being spoofed. Cloudflare does not


  send traffic over anything other than http:// (ports 80 and443), so getting attacked by UDP requests


  means you probably have an open recursor on your DNS server that is helping with a DNS amplification


  attack. You should secure your server to prevent these DNS attacks.

  How DNS Amplification Attacks Work



If your situation does not fit any of the circumstances listed above, please provide the information

requested below and we can provide solutions for handling an issue that looks like an attack from us.

Required information to investigate:

* source IP(s) you are seeing the traffic from
* destination IP(s) on their side
* IP packet contents
* (if possible) tcpdump output in -vvv -s0 -n format



If you have additional questions, contact your recursive DNS provider (i.e. OpenDNS or Google DNS). If you

are not sure who your recursive DNS provider is then it is most likely your ISP providing recursive DNS services.