Protecting Project Galileo websites from HTTP attacks

On June 13, 2019, the fifth anniversary of Project Galileo was celebrated. The program currently protects over 550 websites from various types of attacks. These sites are protected by Cloudflare Firewall and Advanced DDoS Protection features which include firewall rules, security level settings, access rules, browser integrity checks, WAF (Web Application Firewall), hotlink protection, HTTP DoS protection, rate limits, and zone lockdown utility. The most interesting feature is the WAF, which identifies and blocks malicious requests based on heuristics and rules learned from customer experiences. A heat map shows that the average Project Galileo site saw malicious traffic for 27 days in a month observed, with almost 60% of sites experiencing daily events. The WAF blocked over 4.5 million requests during this period. DoS attacks are also mitigated by Cloudflare's automatic tools like Gatebot. Customers can use Firewall Rules to block traffic and Access Rules to challenge or block visitors based on IP address, ASN, or country. Rate limiting is used to protect specific pages from heavy load, while the Security Level feature helps in setting up a threshold sensitivity for incoming requests. Overall, these features provide comprehensive security for Project Galileo customers.