How does it protect the origin server directly?

It provides implementation steps for firewalling the origin server to only allow Cloudflare's IP ranges and configuring Authenticated Origin Pulls using mutual TLS certificates.

Does this skill support automated incident response?

Yes, it includes a Python-based automation workflow that monitors traffic via Cloudflare's GraphQL API and can automatically enable 'Under Attack Mode' during traffic spikes.

What types of DDoS attacks can this skill help mitigate?

This skill provides configurations for Layer 3/4 volumetric attacks (like SYN or UDP floods), protocol attacks, and Layer 7 application-layer attacks (like HTTP floods and cache-busting).

Which Cloudflare plans are required for these features?

Most basic DDoS protection is available on all plans, but WAF features typically require a Pro plan or higher, and Advanced DDoS protection requires an Enterprise plan.

Cloudflare DDoS Mitigation

Name: Cloudflare DDoS Mitigation
Author: mukul975

bymukul975

•

4,121

•

Security & Testing

Configures Cloudflare's security stack to protect web applications against volumetric, protocol, and application-layer DDoS attacks.

This skill provides comprehensive guidance and implementation patterns for securing web infrastructure using Cloudflare’s robust DDoS protection suite. It enables users to configure managed rulesets for Layer 3 through Layer 7, set up advanced rate limiting, and deploy Web Application Firewall (WAF) rules to block malicious traffic. By offering automated API workflows for DNS management and origin server hardening techniques like Authenticated Origin Pulls, this skill ensures that your applications remain resilient against sophisticated threats—including SYN floods, DNS amplification, and HTTP floods—while maintaining high performance for legitimate users.

Key Features

01Layer 3/4 and Layer 7 DDoS managed ruleset configuration via API

024,121 GitHub stars

03Automated 'Under Attack Mode' activation based on real-time traffic analytics

04WAF custom rules for blocking high-risk ASNs, countries, and bot patterns

05Advanced rate limiting for granular API and login endpoint protection

06Origin server hardening through IP whitelisting and mTLS origin pulls

Use Cases

01Defending production web applications from high-volume L7 HTTP flood attacks

02Securing backend APIs from brute-force attempts and resource exhaustion

03Hardening origin infrastructure to ensure it only processes proxied Cloudflare traffic

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills implementing-ddos-mitigation-with-cloudflare

For use in Claude.ai and ChatGPT

Key Features

01Layer 3/4 and Layer 7 DDoS managed ruleset configuration via API

024,121 GitHub stars

03Automated 'Under Attack Mode' activation based on real-time traffic analytics

04WAF custom rules for blocking high-risk ASNs, countries, and bot patterns

05Advanced rate limiting for granular API and login endpoint protection

06Origin server hardening through IP whitelisting and mTLS origin pulls

Use Cases

01Defending production web applications from high-volume L7 HTTP flood attacks

02Securing backend APIs from brute-force attempts and resource exhaustion

03Hardening origin infrastructure to ensure it only processes proxied Cloudflare traffic

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills implementing-ddos-mitigation-with-cloudflare

For use in Claude.ai and ChatGPT