Setup
In order to enable automatic mitigation of random prefix attacks:
- 
Set up DNS Firewall. 
- 
Send a PATCHrequest to update your DNS Firewall cluster.
At least one of the following token permissions is required:Required API token permissions - DNS Firewall Write
 Update DNS Firewall Cluster curl "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/dns_firewall/$DNS_FIREWALL_ID" \--request PATCH \--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \--json '{"attack_mitigation": {"enabled": true,"only_when_upstream_unhealthy": true}}'
Once you receive a 200 success response from the API, queries identified as being part of a random prefix attack will receive a REFUSED response.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Directory
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- © 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark
-