3 Reasons why you should use Cloudflare (or something similar)

Cloudflare. You’ve probably heard that before. Cloudflare website does a pretty good job of explaining what is cloudflare.However, for the discussion in this post, Cloudflare is two things : 1>A CDN. 2>A DNS firewall. 
In this post, I will only discuss the free plan of Cloudflare.

When discussing Cloudlfare, a lot of people discuss it as a CDN, which it is. But there is also a security aspect which is the focus of this post. When you integrate Cloudflare, it sits between your website and the user’s browser.

 

 

All traffic to and from your site has to move through Cloudflare. Now, wouldn’t it be nice if it did something more than allow traffic to move through it? Yes it would be, and that’s what Cloudflare does to the traffic. Let’s heade straight into the topic :

3 Reasons why you should use Cloudflare (or something similar)

 

1. The bot fight mode

All plans of Cloudflare are equipped with a firewall. This includes the free plan. This firewall is capable of mitigating DDoS attacks. I have been in situations where we were looking at Google Analytics with hundreds of real time users, but as soon as we enabled the “I’m under attack mode”, all those bots went away and google analytics started showing zero users.
The good thing is, you don’t have to do anything additional to get this kind of protection. By default, the firewall’s bot fighting mode is switched on.
You can check this by going to Firewall—>Settings
 
Essentially, bot fight does what the name says : it fights bots.You have seen this in action. For example, puzzles like below: 
Yes, that’s right. Whenever Cloudflare’s firewall is set to heightened level, or there is any suspicious traffic, it will present the visitor with a captcha like the one in the above image, before they can reach the server. This feature saves sites not only from DDoS attacks, but also hacking. Because, when hacking, attackers use automated tools to scan your site and to look for and exploit any vulnerabilities. By filtering out this automated traffic, Cloudflare protects your site.

2.Firewall and page rules

The free plan of Cloudflare comes equipped with the ability to add firewall and page rules. You can add up to 5 Firewall rules, and, up to 3 page rules.  You can refer Cloudflare’s awesome support articles  to understand Firewall rules and Page rules You say, “these can be done through the .htaccess file on my site”. It is true. However, your site has limited server resources. It will manage a few simultaneous requests, but it will crumble if hit with thousands of simultaneous requests. This is why we delegate the responsibility to Cloudflare.

3. The I’m under attack mode

This sounds like panic mode, because that’s exactly what it is. In this mode, Cloudflare will aggressively check all traffic headed towards your site. There is no way any bot can skip through this mode. Not only are captcha puzzles presented, they are presented multiple times throughout the session, for example, when navigating through pages. This is a drastic measure and used only when absolutely necessary. Otherwise, it will unnecessarily hurt the UX. Thhis setting can be activated from firewall settings, as shown below: Once activated, this mode will immediately halt any brute force attacks targeting your site. And then you can work on getting your site back online. It is recommended to let the I’m attack mode on for 48 hours at least and then downgrade to High, and then to Medium. What is online will be targeted. Do not be under the impression that hackers target only well known sites. If it’s online, it’s a target. Cloudflare, when combined with a good firewall like Shield Security, will boost your security and reduce the chances of getting hacked.

Leave a Reply