I believe cloudflare drops if they cannot withstand the level of traffic you’re being hit with, which is an exception to your suggestion. As per other posts, if CF drops you, you won’t be able to build your own ddos mitigating infra without billions. Microsoft and Amazon offer similar services, but I’m guessing cloudflare offers the best resiliency based on ops specific naming of CF.
I think generally with cloudflare is they may be quick to drop you (or demand payment) if large DDoS is a regular occurrence for you. The free tier is generous but it dries up if your a huge target.
My company runs a a bunch of large community products and we run cloudflare in front of them to handle frequent DDoS attacks. We also pay for a cloudflare enterprise plan though.
The other side of the coin is them dropping a custom for other reasons.
Is immediately after. And a person died. Clouflare are aware that they shouldn’t exist. They exist because they solve a problem that our telecoms networks and government/regulatory apparatus won’t. And it’s regarding the daily stormer.
Cloudflare keeps protecting the Russian state because if they don’t Russia will develop the technology themselves and then eat some of Cloudflare’s lunch. The effectiveness of a single period of successful DDOS attacks in a whole war is debatable.
It’s easy to stop a handful of neo Nazis. The Russian state is a lot harder. If you want Cloudflare to do it get the government to force them.
If cloudflare dropped someone because they couldn't withstand the traffic, that would be an exceptional event that would not go unnoticed. I don't believe they do that.
