Introducing FlareStack
Automated, edge-native IP blocking without the massive bill.
The Breaking Point
During a massive DDoS attack in February 2026, I found myself playing whack-a-mole. I was manually identifying thousands of abusive IPs and updating Cloudflare WAF custom lists by hand to avoid dropping legitimate users on the same ASNs.
Why not just use Cloudflare's built-in Rate Limiting? Because real-time rate limiting inspects every single request on the fly. When you're getting slammed with millions of requests, that bill skyrockets. I needed a smarter, cheaper way to automate this.
Enter FlareStack
I built FlareStack: a SaaS-ready, edge-native IP reputation and automated blocking system for Cloudflare. It takes the manual labor out of mitigating floods, without the massive real-time processing costs.
Instead of sitting in the critical path of every request, FlareStack runs asynchronously on a cron schedule. It wakes up every minute, queries the Cloudflare GraphQL Analytics API (asking "who made way too many requests in the last 5 minutes?"), and automatically shoves those offending IPs into a WAF Custom List.
The result? Absolutely zero added latency to your origin server, and abusive IPs are dropped directly at the edge.
Built on the Edge
Cloudflare Workers
The engine running the cron jobs and hitting the GraphQL API, built entirely with TypeScript.
D1 + Drizzle ORM
Serverless SQLite handling token storage, zone configs, and mitigation rules securely.
React Router v7 + Tailwind
A clean, snappy dashboard to configure rules, view audit logs, and manage Cloudflare accounts.
Better-Auth
Rock-solid, modern authentication baked right into the dashboard using SQLite.
It's 100% Open Source
I built this to scratch my own itch, but I know how painful DDoS mitigation is. FlareStack is fully extensible, and you can deploy it to your own Cloudflare account today.
Star it on GitHub