But how can Cloudflare verify the legitimacy of incoming traffic to distinguish between “good” and “bad” traffic? The service uses several methods:
1. Behavioral Analysis: Cloudflare monitors the behavior of incoming traffic to identify anomalous patterns that may indicate a DDoS attack. For example, if a sudden spike in traffic comes from a large number of unknown IP addresses, this could be an attack.
2. Custom Rules: Users can create custom rules to allow or block traffic based on various criteria, such as IP address, country of origin, or browser type.

3. Machine Learning: Cloudflare uses machine learning algorithms to analyze incoming traffic and identify potential threats. These algorithms are constantly updated with new information to ensure protection from even the latest threats.