Cloudflare. Just do it.

Cloudflare is a front end to your typical web site – it offers a layer of protection to your site by concealing the IP address, by intercepting requests and in general dealing with useless slag of people who like to hack sites.  I have no connection to Cloudflare, I am not even a [paying] customer!  This is just one of those services you just have to tell people about, you know?  If you have a web site… well, see the post title above.

The basic (i.e. free) account is absurdly valuable and powerful.  They have a few minor limitations that you would probably only naturally run up against when your site’s needs warrant paying a bit for security.  The shift from free to premium level features is really well balanced, and I don’t think the premium features are all that expensive, for what value you can get from them.

The setup is very basic.  Set up an account, point your nameservers for your site’s domain to Cloudflare and walk through the wizards to get traffic flowing through from their site to yours.  That’s pretty much it.  Any DNS record management should be done on Cloudflare.  Note that if you have non-web apps like SSH and you want to use a FQDN for that, you will need to point a record directly to the IP address without proxying.  This removes a little bit of the concealment for your site but it’s necessary, since they won’t forward those requests (nor should they, really).

Immediately, you will gain caching, decent nameserver management, SSL certificates and the ability to defend against DDoS attacks with a flip of a switch!

With a little bit of other configuration, you can even set up firewall rules that will really interfere with bot/script attacks on, say, a WordPress site.  Check out the page here for some examples.  Since it was written a few years ago as of this posting, some of the named options are slightly different, but should be easy to find.  You can restrict access to a particular page (i.e. login page) to one or two IP addresses from here.  Don’t forget to put in a safe IP address before you block yourself out (although it should be easy enough to remove that rule, since you aren’t really blocking yourself from Cloudflare itself).  If you have a static IP address somewhere that is a good one to have in your rules.

I wish I had set this up earlier, it’s so easy, and pays off so much.  I have plans to migrate all of the sites I work with to Cloudflare over time.



, ,




Leave a Reply