Skip to content

Setup

In order to enable automatic mitigation of random prefix attacks:

  1. Set up DNS Firewall.

  2. Send a PATCH request to update your DNS Firewall cluster.

    Terminal window
    curl --request PATCH "https://api.cloudflare.com/client/v4/accounts/{account_id}/dns_firewall/{cluster_tag}" \
    --header "Authorization: Bearer <API_TOKEN>" \
    --header "Content-Type: application/json" \
    --data '{
    "attack_mitigation": {
    "enabled": true,
    "only_when_upstream_unhealthy": true
    }
    }'

Once you receive a 200 success response from the API, queries identified as being part of a random prefix attack will receive a REFUSED response.