Setup Cloudflare For Security Web Site

Setting Up Domains to Use Cloudflare

Using Cloudflare DNS has various benefits, even if you use a free account. The two we would like to highlight are protection of the server from DDoS attacks and caching of content.

Instead of pulling all the content from the site and wasting resources on the server, a portion of the content is served from the nearest Cloudflare location. This greatly speeds up loading of the site and reduces the load on the server. On the security side, the main benefits are hiding the true IP address of the server and protection against DDoS attacks. An attacker will not be able to attack the server directly because he does not know its IP address, which is hidden behind Cloudflare.

To use the service, you need to create an account under which your site will be registered with Cloudflare. After you create a Cloudflare account, you can add your domain:

[Screenshot: the Cloudflare "Add your site" screen, where Cloudflare adds a new site]

In order for Cloudflare to cache your site, you need to point your domain's NS (nameserver) records to Cloudflare, so that it can control caching for the records you want cached. This is done in the panel that controls the DNS records for your domain.

[Screenshot: help screen for changing your nameservers to the Cloudflare NS servers]

When the NS records have been transferred to Cloudflare, you will receive a notice about this in the Cloudflare panel, and caching for the non-www and www records will start. Zone records are no longer added through the panel where you hosted the domain; the zone is now managed directly in the Cloudflare panel, because Cloudflare has become your DNS server.

[Screenshot: Cloudflare DNS records, with Cloudflare switched on or off for each record]

If you want a new zone record, for example an A record, you add it in the field at the top of the table and can later edit it in the table. The Status column indicates whether the record goes through Cloudflare or bypasses it and goes directly to the server. For some things, it is better to bypass Cloudflare. Keep in mind that bypassing Cloudflare directly reveals the IP of your server, and you can become the target of an attack because the requests will no longer stop at Cloudflare. So, be careful with this.
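One way to check a zone for records that bypass Cloudflare and expose the server address (an added example, not part of the original article). It assumes the zone's records have been exported as JSON objects with type, name, content and proxied fields; the records below are constructed, and audit_zone is a hypothetical helper name.

```python
import ipaddress
import json

# Constructed sample: records in the shape of a zone listing (type, name,
# content, proxied). Names and addresses are documentation placeholders.
SAMPLE_RECORDS = json.loads("""[
 {"type":"A","name":"example.com","content":"203.0.113.10","proxied":true},
 {"type":"CNAME","name":"www.example.com","content":"example.com","proxied":true},
 {"type":"A","name":"ftp.example.com","content":"203.0.113.10","proxied":false},
 {"type":"A","name":"mail.example.com","content":"203.0.113.25","proxied":false},
 {"type":"AAAA","name":"example.com","content":"2001:db8::10","proxied":true},
 {"type":"AAAA","name":"old.example.com","content":"2001:DB8:0:0:0:0:0:10","proxied":false},
 {"type":"TXT","name":"example.com","content":"v=spf1 -all","proxied":false}
]""")

ADDRESS_TYPES = {"A", "AAAA"}


def audit_zone(records):
    """Return DNS-only address records, marking those that reveal an IP
    which a proxied record in the same zone is supposed to hide."""
    # ip_address() normalises spelling, so equivalent IPv6 forms compare equal.
    addr = [(r, ipaddress.ip_address(r["content"]))
            for r in records if r["type"] in ADDRESS_TYPES]
    hidden = {ip for r, ip in addr if r["proxied"]}
    findings = []
    for r, ip in addr:
        if r["proxied"]:
            continue
        findings.append({
            "name": r["name"],
            "ip": str(ip),
            # origin_leak: same address as a proxied record, so the hidden
            # server IP is readable from public DNS.
            "issue": "origin_leak" if ip in hidden else "direct_exposure",
        })
    # Leaks of the hidden address first, then by record name.
    return sorted(findings, key=lambda f: (f["issue"] != "origin_leak", f["name"]))


if __name__ == "__main__":
    for f in audit_zone(SAMPLE_RECORDS):
        print(f"{f['issue']:16} {f['name']:20} {f['ip']}")
```

Records reported as origin_leak are the ones to switch back through Cloudflare or move to a different address, since they publish the same IP that the proxied records hide.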

Content Caching

Cloudflare does not just cache the content of a website, as is usually thought. Yes, it does that very well, among other things, but it is not the only advantage on offer. The number of connections, the traffic flows, and the processing of dynamic web pages are always limited on each site, and when any of these outgrows the capacity of your site, you have two options: rent more resources or use Cloudflare to cache content. In this way, you save your server's resources, and the server is less loaded and responds to requests faster.

Certain pages you do not want to cache, such as an admin panel. You can set this in the Cloudflare panel itself, under "Page Rules", by excluding links from caching. Here is one example for a WordPress site.

[Screenshot: Cloudflare Page Rules, which control your Cloudflare settings by URL]

By excluding this path, you avoid unnecessary and unwanted caching of content that should not be cached. The benefits that you can expect from CF are significant and depend to a large extent on what you want to cache and how, and savings in traffic can go up to 80%.

Protection Against DDoS Attacks

Unfortunately, DDoS attacks have become a common occurrence and something to expect if you have a more popular site. The solution to this problem can be complicated (querying or blocking such traffic, black-hole variants, etc.), but Cloudflare can also help you very easily: by clicking the "Under Attack Mode" button. Each visit to your site will first be checked by the Cloudflare service and only then released to the site.

[Screenshot: "Checking your browser before accessing", DDoS protection by Cloudflare]

In this way, the illegitimate traffic, which probably comes from the DDoS attack, is separated from regular traffic. DDoS attacks most commonly come from a botnet that just makes a simple connection to the website and retrieves content from it without executing or rendering what is actually on the page. For this reason, the bots are either unable to execute JS on the page or are not sufficiently sophisticated even if they do. Basically, this is quite a good solution for smaller DoS attacks and much simpler than the mentioned black hole, which would stop all visits to the site and thus make it unavailable, which is the very goal of the attack.
