Proxy DNS records
The first - and often easiest - step of DDoS protection is making sure your DNS records are proxied through Cloudflare.
Without Cloudflare, DNS lookups for your application's URL return the IP address of your origin server ↗.
| URL | Returned IP address |
|---|---|
example.com | 192.0.2.1 |
When using Cloudflare with unproxied DNS records, DNS lookups for unproxied domains or subdomains also return your origin's IP address.
Another way of thinking about this concept is that visitors directly connect with your origin server.
flowchart LR
accTitle: Connections without Cloudflare
A[Visitor] <-- Connection --> B[Origin server]
With Cloudflare — meaning your domain or subdomain is using