Features of CloudFlare

by Jeff Dickey | September 2013 | Open Source

The article, Features of CloudFlare, helps you learn the basics of CloudFlare to make your site perform faster. This article by Jeff Dickey, author of the book Instant CloudFlare Starter, explains some of the security features that CloudFlare provides to make your website much more secure.

Top 5 features you need to know about

Here we will go over the various security, performance, and monitoring features CloudFlare has to offer.

Malicious traffic

Any website is susceptible to attacks from malicious traffic. Some attacks might try to take down a targeted website, while others may try to insert their own spam. Worse attacks might even try to trick your users into providing information, or compromise user accounts.

CloudFlare has tools available to mitigate various types of attacks.

Distributed denial of service

A common attack on the Internet is the distributed denial-of-service (DDoS) attack. A distributed denial-of-service attack involves producing so many requests for a service that it cannot fulfill them and crumbles under the load.

A common way this is carried out in practice is for the attacker to make a server request but never listen for the response. Normally the client replies to notify the server that it received the data, but if a client does not acknowledge, the server will keep trying for quite a while. A single client could send thousands of these requests per second, but the server would not be able to handle many at once.

Another twist to these attacks is the dynamic denial-of-service attack. This attack will be spread across many machines, making it difficult to tell where the attacks are coming from.

CloudFlare can help with this because it can monitor when users are trying an attack and reject access, or require a captcha challenge to gain access. It also monitors all of its customers for this, so if there is an attack happening on another CloudFlare site, it can protect yours from the traffic attacking the site as well.

It is a difficult problem to solve. Sometimes traffic just spikes when a big news article is run, and it is hard to tell legitimate traffic from an attack. For this, CloudFlare offers multiple levels of DoS protection. The Security tab in the CloudFlare settings is where you can configure this advanced protection.

The basic settings are rolled into the Basic protection level setting.

SQL injection

SQL injection is a more involved attack. On a web page, you may have a field like a username/password field. That field will probably be checked against a database for validity.

The database queries to do this are simple text strings. This means that if the query is written in a way that doesn't explicitly prevent it, an attacker can start writing their own queries.

A site that is not equipped to handle these cases would be susceptible to hackers destroying data, gaining access by pretending to be other users, or accessing data they otherwise would not have access to.

It is a difficult problem to guard against when building software. Even big companies have had issues.

CloudFlare mitigates this by looking for requests containing things that look like database queries. Almost no websites take in raw database commands as normal queries. This means that CloudFlare can search for suspicious traffic and prevent it from accessing your page.
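The username/password check described above, as an added example that is not from the original article: the same lookup built by string concatenation and with bound parameters. The table, the accounts and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory user table with constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    # Plaintext passwords keep the example short; real systems store hashes.
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "correct-horse"), ("bob", "hunter2")])
    return db

def login_concatenated(db, username, password):
    """Vulnerable form: the field values become part of the query text."""
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    row = db.execute(query).fetchone()
    return row[0] if row else None

def login_parameterized(db, username, password):
    """Hardened form: values are bound as data and never parsed as SQL."""
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row[0] if row else None

# Constructed input: a password field value that closes the quote and adds
# its own condition, so the WHERE clause matches without the real password.
CRAFTED = "' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    for fn in (login_concatenated, login_parameterized):
        print(fn.__name__, "->", fn(db, "alice", CRAFTED))
```

The concatenated version returns a user for the crafted value, while the parameterized version treats it as a wrong password.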

Cross-site scripting

Cross-site scripting is similar to SQL injection except that it deals with JavaScript and not database SQL. If you have a site that has comments, for example, an unprotected site might allow a hacker to put their own JavaScript on it. The browser of any other user of the site could then execute that JavaScript. The script could do things like sniff for passwords, or even credit card information.

CloudFlare prevents this in a similar fashion by looking for requests that contain JavaScript and blocking them.
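The request inspection described in the SQL injection and cross-site scripting sections, sketched as an added example that is not from the original article and not CloudFlare's own rules. The patterns, function names and sample requests are assumptions constructed for illustration; the last sample shows a legitimate comment being flagged.

```python
import re
from urllib.parse import parse_qsl

# Illustrative signatures (assumption): not CloudFlare's rules. Real edge
# filters use much larger, tuned rule sets.
RULES = {
    "sql": re.compile(
        r"['\"]\s*(?:or|and)\s+['\"\d]|\bunion\s+select\b|;\s*drop\s+table\b",
        re.IGNORECASE),
    "script": re.compile(
        r"<\s*script\b|\bon[a-z]+\s*=|javascript\s*:", re.IGNORECASE),
}

def inspect(query_string):
    """Return sorted (field, rule) pairs for URL-decoded values that match."""
    hits = set()
    for field, value in parse_qsl(query_string, keep_blank_values=True):
        for name, pattern in RULES.items():
            if pattern.search(value):
                hits.add((field, name))
    return sorted(hits)

def decide(query_string):
    """Block a request when any parameter matches a rule, else allow it."""
    return "block" if inspect(query_string) else "allow"

# Constructed sample requests (form-encoded parameters as sent on the wire).
SAMPLES = {
    "normal login": "user=alice&password=hunter2",
    "query syntax in a field": "user=alice&password=%27+OR+%271%27%3D%271",
    "script in a comment": "comment=%3Cscript%3Ealert(1)%3C%2Fscript%3E",
    # A legitimate comment that happens to look like query syntax:
    "false positive": "comment=She+wrote+%22and+3+more+soon%22",
}

if __name__ == "__main__":
    for label, qs in SAMPLES.items():
        print(f"{label:26} {decide(qs):6} {inspect(qs)}")
```

Because a pattern filter can flag harmless text, it works as an extra layer in front of the site; parameterized queries and output encoding in the application remain the actual fix.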

Open ports

Often, services are running on a server without the sysadmin knowing about it. If Telnet is allowed, for example, an attacker could simply log in to the system and start checking out source code, looking into the database, or taking down the website.

CloudFlare acts as a firewall to ensure that the ports are blocked even if the server has them open.

Challenge page

When CloudFlare receives a request from a suspect user, it will usually show a challenge page asking the user to fill out a captcha to access the site. The options for customizing these settings are on the Security Settings tab.

You can also configure how that page looks by clicking on Customize. By default, it will look something like the following:

E-mail address obfuscation

E-mail address obfuscation scrambles any e-mail addresses on your page, then runs some JavaScript to decode them so that the text ends up being readable. This is useful for keeping spam away from your users' e-mail addresses, but the downside is that a user who has JavaScript disabled will not be able to read the e-mail addresses.

Summary

In this article, we have looked at the various security features provided by CloudFlare against malicious traffic, distributed denial of service, e-mail address obfuscation, and so on. Therefore, it can be concluded that CloudFlare is one of the better website-designing options available in the market today.

About the Author


Jeff Dickey

Jeff Dickey is a San Francisco based web/mobile engineer. He's worked with various firms and startups to build products and scale platforms. Currently he is working with Tapjoy, scaling one of the largest Rails platforms in the world. He also advises startup firms on how best to design their architecture, structure their teams, and manage their projects.

He is active in the open source community and has provided contributions to various projects, including Ruby on Rails. He also writes on his blog at http://dickey.xxx.
