The article, Features of CloudFlare, helps you learn the basics of CloudFlare to make your site perform faster. This article by Jeff Dickey, author of the book Instant CloudFlare Starter, explains some of the security features that CloudFlare provides to make your website much more secure.
Top 5 features you need to know about
Here we will go over the various security, performance, and monitoring features CloudFlare has to offer.
Any website is susceptible to attacks from malicious traffic. Some attacks might try to take down a targeted website, while others may try to include their own spam. Worse attacks might even try to trick your users into providing information, or compromise user accounts.
CloudFlare has tools available to mitigate various types of attacks.
Distributed denial of service
A common attack on the Internet is the distributed denial-of-service (DDoS) attack. A distributed denial-of-service attack involves producing so many requests for a service that it cannot fulfill them, and crumbles under the load.
A common way this is carried out in practice is for the attacker to make a server request but never listen for the response. Typically the client acknowledges the response, notifying the server that it received the data, but if a client does not acknowledge, the server will keep trying for quite a while. A single client could send thousands of these requests per second, but the server would not be able to handle many at once.
Another twist to these attacks is the dynamic denial-of-service attack. This attack will be spread across many machines, making it difficult to tell where the attacks are coming from.
CloudFlare can help with this because it can monitor when users are trying an attack and reject access, or require a captcha challenge to gain access. It also monitors all of its customers for this, so if there is an attack happening on another CloudFlare site, it can protect yours from the traffic attacking the site as well.
It is a difficult problem to solve. Sometimes traffic just spikes when a big news article is run. It is hard to tell when it's legitimate traffic and when it is an attack. For this, CloudFlare offers multiple levels of DoS protection.
On the CloudFlare settings the Security tab is where you can configure this advanced protection:
The basic settings are rolled into the Basic protection level setting:
SQL injection is a more involved attack. On a web page, you may have a field like a username/password field. That field will probably be checked against a database for validity.
The database queries to do this are simple text strings. This means that if the query is written in a way that doesn't explicitly prevent it, an attacker can start writing their own queries.
A site that is not equipped to handle these cases would be susceptible to hackers destroying data, gaining access by pretending to be other users, or accessing data they otherwise would not have access to.
It is a difficult problem to check against when building software. Even big companies have had issues.
CloudFlare mitigates this by looking for requests containing things that look like database queries. Almost no websites take in raw database commands as normal queries. This means that CloudFlare can search for suspicious traffic and prevent it from accessing your page.
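The following is an added example, not code from the original article or book: a login check built by pasting input into the query text, beside its parameterized form, plus a toy pattern check of the kind an edge filter might apply. The table, function names, sample inputs and regex are constructed for illustration and are not CloudFlare's rules.

```python
import re
import sqlite3

def make_db():
    """Constructed sample data: one user in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    # Plaintext password only to keep the demo short; real systems store hashes.
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return db

def login_concat(db, name, password):
    """Vulnerable: user input is pasted into the query text."""
    sql = ("SELECT COUNT(*) FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()[0] > 0

def login_param(db, name, password):
    """Hardened: input is bound as data and never parsed as SQL."""
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone()[0] > 0

# Toy signature in the spirit of an edge filter. The regex is an assumption
# made for this example, not CloudFlare's actual rule set.
SQL_LIKE = re.compile(r"['\"]\s*(or|and)\b|\bunion\s+select\b|;\s*drop\b", re.I)

def looks_like_sql(value):
    """Return True when a request field resembles a query fragment."""
    return bool(SQL_LIKE.search(value))

if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"   # constructed input that rewrites the WHERE clause
    for field in ("s3cret", crafted, 'He said "or else"'):
        print(repr(field),
              "concat:", login_concat(db, "alice", field),
              "param:", login_param(db, "alice", field),
              "flagged:", looks_like_sql(field))
```

The last sample is ordinary text that the pattern still flags, which is why signature filtering needs tuning and works best as a second layer behind parameterized queries.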
Often, services can be running and reachable on a server without the sysadmin knowing about it. If Telnet is allowed, for example, an attacker could simply log in to the system and start checking out source code, looking into the database, or taking down the website.
CloudFlare acts as a firewall to ensure that the ports are blocked even if the server has them open.
When CloudFlare receives a request from a suspect user, it will usually show a challenge page asking the user to fill out a captcha to access the site. The options for customizing these settings are on the Security Settings tab:
You can also configure how that page looks by clicking on Customize. By default, it will look something like the following:
E-mail address obfuscation
In this article, we have looked at the various security features provided by CloudFlare against malicious traffic, distributed denial of service, e-mail address obfuscation, and so on. Therefore, it can be concluded that CloudFlare is one of the better website-designing options available in the market today.
About the Author:
Jeff Dickey is a San Francisco-based web/mobile engineer. He's worked with various firms and startups to build products and scale platforms. Currently he is working with Tapjoy, scaling one of the largest Rails platforms in the world. He also advises startup firms on how best to design their architecture, structure their teams, and manage their projects.
He is active in the open source community and has provided contributions to various projects, including Ruby on Rails. He also writes on his blog at http://dickey.xxx.