cPFence
If you rely solely on that setup, then yes.
UFW Global Limit is just the first defence ( which can be adjusted ).
Then, you set up a throttle per IP via Nginx, for example, followed by F2B and lastly, Cloudflare.
Yes, you can't just rely on Cloudflare alone. The attacker will be able to find out your real IP, and you will be dead!
We have had one server experience this kind of issue, and it was stopped without affecting other websites.
We just do not implement any setup; we test it first.
Good luck to the OP!