Protect against random prefix attacks

In order to enable automatic mitigation of random prefix attacks:

Set up DNS Firewall.

Send a PATCH request to update your DNS Firewall cluster.

curl -X PATCH "https://api.cloudflare.com/client/v4/accounts/<ACCOUNT_ID>/dns_firewall/<CLUSTER_TAG>" \ -H "Authorization: Bearer <token>" \ -H "Content-Type: application/json" \ --data '{"attack_mitigation":{   "enabled":true,   "only_when_upstream_unhealthy":true   } }'

Once you receive a 200 success response from the API, queries identified as being part of a random prefix attack will receive a REFUSED response.

If you do not specify otherwise in your API call, Cloudflare automatically sets the "only_when_upstream_unhealthy" parameter to true, which means that Cloudflare will only mitigate attacks when we detect that the upstream is unresponsive (possibly as a result of an attack). This setting can also be changed via the API, using a request similar to the ones shown above.