My question is, what did people do before Cloudflare? There are different types of DDoS attacks. I vaguely remember what we did over a decade ago, which was blackhole IPs. I'm not sure if people still do this directly with iptables, but at the time, this was the bread-and-butter approach for transport DDoS. If your issue was web application related, then you'd move up to fail2ban.
DDoS protection for web applications is a different beast than raw transport.
If you're a vicim of an amplified DDoS attack, your filtering may need to occur off the server.
DDoS scrubbing centers. They are still used today but add some latency and are very expensive. There are also some expensive appliances that learn legit traffic and can be put into a defense mode that drops anything it did not learn at a certain volume. CDN's have incentives to be more cost effective as they want to have your traffic 100% of the time. DDoS scrubbing centers are on-demand via BGP changes.
DDoS protection for web applications is a different beast than raw transport.
If you're a vicim of an amplified DDoS attack, your filtering may need to occur off the server.