>Wait... isn't the point of paying cloudflare to prevent DoS attacks?
Hahahahahaha..
Cloudflare exists to get in the way of your users from accessing your site and you who are trying to run a site. They claim to be an anti-DoS service but I've never seen any evidence they actually do that. I still get Cloudflare messages a plenty that the website is down. And of course that moronic time waster where it wants me to perform a captcha constantly without actually serving the captcha.
They do provide a pretty decent anti-ddos service. They regularly sink gigabytes of traffic before it hits our origin servers. There's lots to complain about them, but this is something they actually do well.
Don't know why it didn't work for you, but there are a few things that can trip up ops.
That has not at all been my experience with Cloudflare. At a previous job, it took us just a few hours to set up and configure all the options and WAF details, etc., then they took our drive-by probes and bot spam from thousands per day to near zero. Over the course of the next year, we had less than 3 reports of blocked access from real humans; one was traveling and another was behind a shared IP organization. Is it possible some customers were blocked and left frustrated without ever telling us? Yes, but that business kept growing, and it was in an industry where most of our customers were repeat dealers that would let us know very quickly if they couldn't access the website. So if there were false positives, there weren't many.
Cloudflare saved us immeasurable time vs manually configuring firewalls and blackholes and honeypots and open-source lists -- all for $20/mo. It was an amazing service. And they blew their competitors at the time out of the water (Imperva, etc.)... much higher quality blocking at like 1/10 the cost.
If you see a Cloudflare message that the website is down, well, chances are the website is down. If they set it up a certain way, Cloudflare may have been able to cache some pages beforehand, or not... but either way, it's probably not Cloudflare's fault. The site probably would've been down even more often without Cloudflare, just without the CF error page. (That said, DNSSec is a pain and can often cause issues with Cloudflare and other proxies)
As for hCaptcha, I don't think I've ever had an issue with it (besides being unable to tell what something was, I mean)... did you have JS turned off or strict third-party blocking, perhaps?
Hahahahahaha..
Cloudflare exists to get in the way of your users from accessing your site and you who are trying to run a site. They claim to be an anti-DoS service but I've never seen any evidence they actually do that. I still get Cloudflare messages a plenty that the website is down. And of course that moronic time waster where it wants me to perform a captcha constantly without actually serving the captcha.