We live in interesting times (yes, this is an old Oriental curse). One of the issues we constantly face is the dreaded DDoS (Dedicated Denial of Service) attack. Tools such as LOIC (Low Orbit Ion Cannon) and its relatives (such as High Orbit Ion Cannon) are readily available and can be used to bring a website down. Essentially, a web server is flooded with bogus requests to the point that it can no longer respond to actual visitors. One should understand that such attacks are illegal in many countries and one should never use such tools against production websites. Still, even if something is illegal, that doesn’t mean your website may not be attacked in this manner. So, what should one do? One can deploy more resources, but these can also be overwhelmed by such tools. There must be a better approach.
CloudFlare is such a tool. CloudFlare is a Content Delivery Network (CDN). This means that static content on your site is distributed across 14 data centers throughout the world. Dynamic content is still served from your web server. This also means that a static copy of some pages is available to visitors even if your web server is down for a short while. Although there are a lot of advantages to using CloudFlare, I will focus on the security and networking aspects.
Security – CloudFlare detects new attacks (and handles a large number of known attack vectors). Details can be found at their website. One also gets analytics (including threats).
Networking – Probably the biggest impact today is the increasing need for IPv6 (as IPv4 addresses are mostly allocated). CloudFlare allows you to activate an IPv6 address by selecting a simple switch.
Did I mention there is a free version of CloudFlare? The downside is that SSL is only supported in the paid version
So, how does one go about moving an existing site to CloudFlare? If you have access to a tool like cPanel from your hosting provider, you might be tempted to do this through cPanel. Mark’s helpful hint – DON’T. This approach is experimental can can generate a DNS loop which will prevent your site from loading at all. Instead, I recommend going directly to the CloudFlare site and creating an account. I recommend starting with the free account and expanding as you require more services. It is a simple matter to set up a given site with CloudFlare. I recommend picking a time when the traffic is relatively low. You will need to change the DNS NameServers to point to the ones provided by CloudFlare. You will need to do this via your domain registrar (for example NameCheap or Dotster). I provide a screen capture (with details blurred out) of the DNS settings you need to change. Note that highlighted values are used by CloudFlare, greyed out values are exclusively on your server. Click on the image to see the full version.
Analytics – CloudFlare also provides a fair amount of analytics for your site. An example is shown below for a site I just converted a couple of days ago. Click on the image to see the full version.
IPv6 validation – After you have been using CloudFlare, you can verify your website is ready for IPv6 using tools like the IPv6 validator. I have included a screen capture for one selected domain I am responsible for so you can see the results.
If you have concerns about possible attacks to your websites (and most probably do these days), I recommend considering CloudFlare. I am curious what reader’s thoughts are. Please provide your comments (I do have to approve them and it may take a little while).
Loading ...
