First of all, let me explain how user integrity check works and why it is a problem for HTTP based (layer 7) attacks.

Basically, it checks for two different factors: Cookies validation and Javascript validation.

The flood must pass these two factors in order to access the website. Now the cookies validation is quite easy since every HTTP request can handle sending a cookie or receiving a cookie with it, but the hard part would be running the javascript code which is later getting validated in Cloudflare’s servers. Which means that all the layer 7 scripts that we are used to, will fail in the validation (Joomla, XMLRPC, Get, Head, Post etc).

Now for the methods explanation:

*Bots – Using bots with regular browser requests will bypass the validation due to the simple fact that they can run the javascript code without an issue (and storing the cookies of course). Therefore, using this type of flood with a botnet on a booter would actually bypass cloudflare and hit the backend.

*Smart requests – This is the more interesting script and is extremely rare. The script basically processes the Javascript code in the server-side without directly running it. This would require calculating the math and afterwards storing the cookies. Now of course it would be much more complicated and of course slower than a regular get flood, but it would hit the backend. This type of method is not yet established in public booters or stressers but I would guess that they soon would.