cloudflare-logo
One of my VPS droplet has been under heavy attacks (either malicious or the bots) recently on an off. I got notifications of heavy CPU usage spikes and high load average up to 30 to 40 a few times per day. I have checked the apache logs and found out the unusual activities from bots or attackers.
How to Mitigate the malicious traffic by enabling the Firewall Rules using CloudFlare?
CloudFlare Firewall Rules: Control incoming traffic to your zone by filtering requests based on location, IP address, user agent, URI, and more.
For Cloudflare Free Users, you can define up to 5 active firewall rules and for Pro users, you can have up to 20 active firewall rules You can specify the conditions when incoming requests traffic match and the action to take.
cloudflare-firewall-edit
For example, block incoming traffic to the API endpoint when the threat score is less than 5,
(cf.threat_score lt 5 and http.request.uri.path contains "/api")
Then action BLOCK. The firewall rule can be edited via the Rule Expression Builder (usually for non programmers) or manually via the expression. The fields you can control are:
- HTTP Cookie
- HTTP HOST
- Referer String
- URI
- Request Method
- User Agent String
- The full X-Forwarded-For HTTP header
- IP Address
- Query String
- URI Path
- The Autonomous System (AS) number
- The 2-letter country code
- Whether the HTTP connection to the client is encrypted
- Threat score
- Known bots such as google search engine bots, linkedin bots etc.
- and etc.
The threat score is from 0 to 49 where 0 is the HIGHEST and 49 is essentially off.
- High – for scores greater than 0
- Medium – for scores greater than 14
- Low – for scores greater than 24
- Essentially off – for scores greater than 49
cloudflare-manage-access-by-firewall-rules
The Cloudflare firewall rules are easy to manage and you don’t need to know how to configure on your origin servers – usually setting up firewall rules on your origin servers are a bit complicated. You can easier enable or disable a few particular firewall rules as CloudFlare the CDN stands in front of your origin server – regardless of attack size or duration.
How to Mitigate the malicious traffic by enabling the User Agent Blocking using CloudFlare?
CloudFlare provides another method to block or challenge a specific user agent. You can specify a user agent string and then the action either BLOCK or CHALLENGE.
cloudflare-create-a-user-agent-blocking-rule
You can create up to 50 User Agent Blocking rules.
Product Recommendations
- Make Your WordPress Fast Again! This WordPress is accelerated by WP Rocket Plugin!
- Free $10 Credit, when you sign up with Vultr Cloud VPS (4 Months Giveaway!)
- Free $10 Credit, when you sign up with Digital Ocean Cloud VPS (2 Months Giveaway!)
- Free $20 Credit, when you sign up with Linode Cloud VPS (4 Months Giveaway!) - (Coupon: PodCastInit2018)
- The easiest way to Buy and Sell Bitcoins/Litecoins via Wirex Visa Debit Card!
- Buy and Sell Bitcoins/Litecoins via Local Bitcoins