Because that is a different feature.

And did you notice they call them “mitigation” and not “protection”? 🙂

Yeah, typo on my part.

You claim that Cloudflare doesn’t live up to their words. Please cite where in the terms of services it says that the DDOS mitigation is limited on the free plan or sources of free customers being affected by this. Or are you just saying “read the fine print” without having read them yourself and you are just using that as some magic way to win all arguments?

Anyway, I really don’t understand people’s obsession with DDoS, particularly self-hosting people. The chances of their little website ever being the target of a DDoS are astronomical. Many of them don’t take proper backups, and don’t worry about theft or fire or electric spikes, which are far more likely, but go frantic when they hear about features they’ll never use.

Yeah, I absolutely agree and I have said that to some in this post. But it’s even more worthless to argue about the free plan. It’s not like some private person is ever gonna be DDOSed so aggressively that Cloudflare would even notice. If an enterprise (like where I work) is in real need of ddos protection they would already be on the enterprise plan or they would be forced to it by Cloudflare.