Protect Your VPS by Enabling the Firewall Rules and User Agent Blocking using CloudFlare

One of my VPS droplets has been under heavy attack (either malicious or from bots) recently, on and off. I got notifications of heavy CPU usage spikes and high load averages of up to 30 to 40 a few times per day. I checked the Apache logs and found unusual activity from bots or attackers.

How to Mitigate Malicious Traffic by Enabling Firewall Rules Using CloudFlare?

CloudFlare Firewall Rules: Control incoming traffic to your zone by filtering requests based on location, IP address, user agent, URI, and more.

Cloudflare Free users can define up to 5 active firewall rules, and Pro users can have up to 20 active firewall rules. For each rule you specify the conditions that incoming requests must match and the action to take.

For example, block incoming traffic to the API endpoint when the threat score is less than 5:

(cf.threat_score lt 5 and http.request.uri.path contains "/api")

Then set the action to BLOCK. The firewall rule can be edited via the Rule Expression Builder (usually for non-programmers) or by writing the expression manually. The fields you can control are:

  • HTTP Cookie
  • HTTP HOST
  • Referer String
  • URI
  • Request Method
  • User Agent String
  • The full X-Forwarded-For HTTP header
  • IP Address
  • Query String
  • URI Path
  • The Autonomous System (AS) number
  • The 2-letter country code
  • Whether the HTTP connection to the client is encrypted
  • Threat score
  • Known bots such as Google search engine bots, LinkedIn bots, etc.
  • and more.

The threat score threshold ranges from 0 to 49, where 0 is the HIGHEST security setting and 49 is essentially off:

  • High – for scores greater than 0
  • Medium – for scores greater than 14
  • Low – for scores greater than 24
  • Essentially off – for scores greater than 49

Cloudflare firewall rules are easy to manage, and you don’t need to know how to configure a firewall on your origin servers, which is usually a bit complicated. Because CloudFlare, the CDN, stands in front of your origin server, you can easily enable or disable particular firewall rules regardless of attack size or duration.

How to Mitigate Malicious Traffic by Enabling User Agent Blocking Using CloudFlare?

CloudFlare provides another method to block or challenge a specific user agent. You specify a user agent string and then choose the action, either BLOCK or CHALLENGE.

You can create up to 50 User Agent Blocking rules.
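
To decide which user agents deserve a rule, the Apache access log can be summarised first. The script below is an added example, not part of the original post: it counts requests per user agent in combined-format log lines and folds the noisiest agents into a single firewall rule expression, which matters when only 5 active rules are available. Assumptions: the log lines are constructed samples, the 25% share threshold is arbitrary, and `http.user_agent` and `cf.client.bot` are the Cloudflare expression fields for the "User Agent String" and "Known bots" entries listed above.

```python
import re
from collections import Counter

# Apache "combined" log format; the user agent is the last quoted field.
# Lines whose user agent contains an escaped quote do not match and are skipped.
LINE_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def _line(ip, ua):
    """Build one constructed sample log line (not real traffic)."""
    return (f'{ip} - - [10/Mar/2019:10:00:01 +0000] '
            f'"GET /api/items HTTP/1.1" 200 512 "-" "{ua}"')

SAMPLE_LOG = "\n".join([
    _line("203.0.113.7", "ExampleScraper/1.0"),
    _line("203.0.113.7", "ExampleScraper/1.0"),
    _line("203.0.113.9", "ExampleScraper/1.0"),
    _line("203.0.113.20", "OtherCrawler/2.1"),
    _line("203.0.113.20", "OtherCrawler/2.1"),
    _line("198.51.100.4", "Mozilla/5.0 (X11; Linux x86_64) Firefox/65.0"),
    _line("198.51.100.8", "-"),  # Apache logs "-" when no header was sent
    "truncated or corrupt line",
])

def count_user_agents(log_text):
    """Count requests per user agent, skipping lines that do not parse."""
    counts = Counter()
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            counts[match.group("ua")] += 1
    return counts

def noisy_agents(counts, min_share=0.25):
    """Agents with at least min_share of parsed requests, sorted by name."""
    total = sum(counts.values())
    return sorted(
        ua for ua, n in counts.items()
        # Never emit "-" or empty; skip backslashes to avoid escaping issues.
        if ua not in ("", "-") and "\\" not in ua and n / total >= min_share
    )

def build_expression(agents):
    """One rule for all agents; exact match (eq) avoids over-blocking."""
    if not agents:
        return ""
    match = " or ".join(f'http.user_agent eq "{ua}"' for ua in agents)
    return f"({match}) and not cf.client.bot"

if __name__ == "__main__":
    print(build_expression(noisy_agents(count_user_agents(SAMPLE_LOG))))
```

Review the resulting list by hand before pasting the expression into a rule, and start with CHALLENGE rather than BLOCK if any agent on it might be a legitimate client.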
