Protecting your Website Against Attacks Using Web Application Firewall
Background
Nasir launched a website to enable the public to report any case of human trafficking. Since the launch, there has been a series of attacks against the website. He does not know how to protect against these types of attacks because he is not a security expert.
Introduction
In this tutorial, we will show you how to use CloudFlare’s free tier service to protect your web servers against ongoing HTTP-based DDoS attacks by enabling “I’m Under Attack Mode”. This security mode can mitigate DDoS attacks by verifying the legitimacy of a connection before passing it to your web server.
Prerequisites
This tutorial assumes that you have the following:
- A web server
- A registered domain that points to your web server
- Access to the control panel of the domain registrar that issued the domain
You must also sign up for a CloudFlare account before continuing. Note that this tutorial will require the use of CloudFlare’s nameservers.
Configure Your Domain to Use CloudFlare
Before using any of CloudFlare’s features, you must configure your domain to use CloudFlare’s DNS.
If you haven’t already done so, log in to CloudFlare.
Add a Website and Scan DNS Records
After logging in, you will be taken to the Get Started with CloudFlare page. Here, you must add your website to CloudFlare and Begin Scan:
The next page shows the results of the DNS record scan. Be sure that all of your existing DNS records are present, as these are the records that CloudFlare will use to resolve requests to your domain. In our example, we used cockroach.nyc as the domain:
Note that, for your A and CNAME records that point to your web server(s), the Status column should have an orange cloud with an arrow going through it. This indicates that the traffic will flow through CloudFlare’s reverse proxy before hitting your server(s).
Next, select your CloudFlare plan.
Change Your Nameservers
GoDaddy users can point their domain to CloudFlare's nameservers from GoDaddy by following this process.
Wait for Nameservers to Update
The Pending status means that CloudFlare is waiting for the nameservers to update to the ones that it prescribed (e.g. eva.ns.cloudflare.com and matt.ns.cloudflare.com). If you changed your domain’s nameservers, all you have to do is wait and check back later for an Active status. If you click the Recheck Nameservers button or navigate to the CloudFlare dashboard, it will check if the nameservers have updated.
CloudFlare Is Active
Once the nameservers update, your domain will be using CloudFlare’s DNS and you will see it has an Active status, like this:
Recommended First Steps for All CloudFlare Users. This is important to ensure that CloudFlare will allow legitimate connections from services that you want to allow, and so that your web server logs will show the original visitor IP addresses (instead of CloudFlare’s reverse proxy IP addresses).
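The original-visitor-IP point above, as an added example that is not part of the original tutorial or CloudFlare's own code: it picks the address to log for a request, honouring the CF-Connecting-IP header that CloudFlare's proxy sets only when the connection itself arrived from a trusted proxy range. The function names, the sample requests and the proxy ranges (documentation address space used as placeholders) are assumptions; in production, load the ranges CloudFlare publishes.

```python
import ipaddress

# Constructed placeholder ranges (RFC 5737 / RFC 3849 documentation space).
# Assumption: replace these with the proxy ranges CloudFlare publishes.
TRUSTED_PROXY_RANGES = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("2001:db8::/32"),
]


def is_trusted_proxy(peer_ip, ranges=TRUSTED_PROXY_RANGES):
    """True if the TCP peer address falls inside one of the proxy ranges."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr.version == net.version and addr in net for net in ranges)


def visitor_ip(peer_ip, headers, ranges=TRUSTED_PROXY_RANGES):
    """Return the address that should be written to the access log.

    CF-Connecting-IP is honoured only when the connection came from a
    trusted proxy range. On a direct connection the header is supplied by
    the client and cannot be trusted, so the peer address is logged.
    """
    if not is_trusted_proxy(peer_ip, ranges):
        return peer_ip
    # HTTP header names are case-insensitive.
    lowered = {name.lower(): value for name, value in headers.items()}
    claimed = lowered.get("cf-connecting-ip", "").strip()
    try:
        return str(ipaddress.ip_address(claimed))
    except ValueError:
        return peer_ip  # header missing or malformed: fall back to the peer


# Constructed sample requests: (peer address, request headers).
SAMPLE_REQUESTS = [
    ("192.0.2.10", {"CF-Connecting-IP": "198.51.100.7"}),    # via the proxy
    ("203.0.113.50", {"CF-Connecting-IP": "198.51.100.7"}),  # direct connection
    ("192.0.2.10", {"CF-Connecting-IP": "not-an-ip"}),       # malformed header
]

if __name__ == "__main__":
    for peer, hdrs in SAMPLE_REQUESTS:
        print(peer, "->", visitor_ip(peer, hdrs))
```

Requests that reach the server without passing through the proxy are logged under their own peer address, which also makes direct-to-origin traffic easy to spot in the logs.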
Once you’re all set up, let’s take a look at the I’m Under Attack Mode setting in the CloudFlare firewall.
I’m Under Attack Mode
By default, CloudFlare’s firewall security is set to Medium. This offers some protection against visitors who are rated as a moderate threat by presenting them with a challenge page before allowing them to continue to your site. However, if your site is the target of a DDoS attack, that may not be enough to keep your site operational. In this case, the I’m Under Attack Mode might be appropriate for you.
If you enable this mode, any visitor to your website will be presented with an interstitial page that performs some browser checks and delays the visitor for about 5 seconds before passing them to your server.
Note: Keep in mind that you only want to have I’m Under Attack Mode enabled when your site is the victim of a DDoS attack. Otherwise, it should be turned off so it does not delay normal users from accessing your website for no reason.
How To Enable I’m Under Attack Mode
How To Disable I’m Under Attack Mode
As the I’m Under Attack Mode should only be used during DDoS emergencies, you should disable it if you aren’t under attack. To do so, go to the CloudFlare Overview page, and click the Disable button:
Conclusion
Now that your website is using CloudFlare, you have another tool to easily protect it against HTTP-based DDoS attacks. There are also a variety of other tools that CloudFlare provides that you may be interested in setting up, like free SSL certificates. As such, it is recommended that you explore the options and see what is useful to you.
Good luck!