I just wonder whether CloudFlare (or others) manages this or not and if it manages how. The situation can be explained with a simple example. Think of a corporation in which there are 1000s of users. These users have the same IP (different internal IPs of course but external IP will be the same since it's a corporation..) and these users try to access the same site which is protected by CloudFlare. Will CloudFlare treat these users as the same users or not? How does DDos prevention tools manage this situation?
I would manage it as writing unique cookies for different users (kind of session_id) and look for this cookie value. Since it will be different for all of the users behind company network, there would be no problem..
Edit: That cookie solution is the way I'll go as a solution for my problem (if security vendors don't manage it..) and I didn't write it as the ideal solution for security vendors (that would be so arrogant:) )