Merged
Expand Up @@ -54,7 +54,7 @@

In the case of a Slowloris attack, the attacker sends incomplete HTTP header lines, thus never completing the HTTP request. The server waits for the complete request, holding the connection open. The attacker periodically sends additional HTTP header fields or partial lines to keep the connection alive. This can be achieved by sending partial HTTP headers, or using the `content-length` header to declare a message body size larger than what is actually sent.

The best practice to defend against low and slow attacks is by using an HTTP reverse proxy, such as Cloudflare's [CDN](/fundamentals/concepts/how-cloudflare-works/) or [WAF](/waf/) service. The reverse proxy acts as a shield. It waits for a full HTTP request before forwarding it to the origin, serving from cache, or applying other actions based on user configuration. If you are using our CDN/WAF services, our L7 reverse proxy will absorb low and slow attacks. It will buffer uploads at the edge by default. The proxy will wait for the full HTTP request before passing it on. The client requests must be completed.
The best practice to defend against low and slow attacks is by using an HTTP reverse proxy, such as Cloudflare's [CDN](/fundamentals/concepts/how-cloudflare-works/) or [WAF](/waf/) service. The reverse proxy acts as a shield. It waits for a full HTTP request before forwarding it to the origin, serving from cache, or applying other actions based on user configuration. You can configure your zone so that requests are buffered by Cloudflare, which will absorb low and slow attacks. Our proxy waits for the full HTTP request before passing it on. To enable buffered requests, refer to [Request Body Buffering](/rules/configuration-rules/settings/#request-body-buffering).
Contributor

Note: This link requires that we merge #27876 first.


The request will be served from Cloudflare's [Cache](/cache/) or [Workers](/workers/), if applicable. If not, it will only be sent to the origin — assuming it was fully completed and has passed WAF checks. So the attack does not exist, similar to TCP Slowloris attacks protection.
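
Review bot: The unchanged paragraph right after the edited line still reads as unconditional ("it will only be sent to the origin", "So the attack does not exist"), while the new wording makes buffering something the user turns on per zone ("You can configure your zone so that requests are buffered by Cloudflare"). A reader who has not enabled Request Body Buffering could take that paragraph as a guarantee that partial requests never reach the origin. Suggest scoping it, for example "With request body buffering enabled, the request will be served from ...", and rewording "So the attack does not exist" to say that the slow request never reaches the origin. In the edited line itself, "Our proxy waits for the full HTTP request before passing it on" repeats the earlier "It waits for a full HTTP request before forwarding it to the origin" and, placed directly after the opt-in sentence, leaves it unclear whether that is default behaviour or depends on the setting; state which, or drop the repeat.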

Expand Down Expand Up @@ -102,7 +102,7 @@

## What are LOIC and HOIC?

LOIC is a popular network stress testing and DoS attack application that is used to flood a server with TCP, UDP, or HTTP requests with the intention of disrupting the service. It is known for its simplicity and ability to be used by individuals with minimal hacking experience. LOIC can be directed by the user to attack a small server, which can cause the server to slow down or crash from the overload of requests. It became famous around 2010 for its use by the hacker group Anonymous in attacks against major companies and organizations.

Check warning on line 105 in src/content/docs/ddos-protection/frequently-asked-questions.mdx

GitHub Actions / Semgrep

semgrep.style-guide-potential-date-year

Potential year found. Documentation should strive to represent universal truth, not something time-bound. (add [skip style guide checks] to commit message to skip)

HOIC is an upgrade from LOIC, designed to overcome some of its limitations, especially in terms of detection and mitigation. It allows users to launch a more powerful DoS attack by enabling attacks on multiple websites at the same time with a higher volume of requests. HOIC also incorporates a feature that makes it more difficult for defense mechanisms to identify and mitigate the attack traffic, partly because it uses a technique that allows the traffic to mimic legitimate HTTP traffic, which is more challenging for traditional network security tools to detect. HOIC supports the use of "booster" scripts that enable it to target various websites simultaneously, significantly increasing its potency as a tool for conducting broad-scale DoS attacks.
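
Review bot: The Semgrep annotation for line 105 is triggered by "It became famous around 2010" in the LOIC paragraph, and the text in this hunk still carries it. The year is a fixed historical reference rather than a claim that ages, so either reword the sentence to drop it (for example "It became widely known through its use by the hacker group Anonymous ...") or record in the PR that the warning is accepted for this line, so the check does not stay unexplained.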

Expand All @@ -124,7 +124,7 @@

## Does Cloudflare charge for DDoS attack traffic?

No. Since 2017, Cloudflare offers [free, unmetered, and unlimited DDoS protection](https://blog.cloudflare.com/unmetered-mitigation/). There is no limit to the number of DDoS attacks, their duration, or their size. Cloudflare's billing systems automatically exclude DDoS attack traffic from your usage.

Check warning on line 127 in src/content/docs/ddos-protection/frequently-asked-questions.mdx

GitHub Actions / Semgrep

semgrep.style-guide-potential-date-year

Potential year found. Documentation should strive to represent universal truth, not something time-bound. (add [skip style guide checks] to commit message to skip)

---
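
Review bot: "Since 2017, Cloudflare offers" in the billing answer pairs a since-clause with the simple present; it should read "Since 2017, Cloudflare has offered". Alternatively, to also clear the year check reported for line 127, open with "Cloudflare offers [free, unmetered, and unlimited DDoS protection]" and let the linked post carry the date.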
