Top 5 features you need to know about

Here we will go over the various security, performance, and monitoring features CloudFlare has to offer.

Malicious traffic

Any website is susceptible to attacks from malicious traffic. Some attacks might try to take down a targeted website, while others may try to include their own spam. Worse attacks might even try to trick your users into providing information, or compromise user accounts.

CloudFlare has tools available to mitigate various types of attacks.

Distributed denial of service

A common attack on the Internet is the distributed denial-of-service (DDoS) attack. A distributed denial-of-service attack involves producing so many requests for a service that it cannot fulfill them and crumbles under the load.

A common way this is carried out in practice is for the attacker to make a server request but never listen for the response. Normally the client responds to notify the server that it received the data, but if a client does not acknowledge, the server will keep trying for quite a while. A single client could send thousands of these requests per second, but the server would not be able to handle many at once.

Another twist to these attacks is the dynamic denial-of-service attack. This attack will be spread across many machines, making it difficult to tell where the attacks are coming from.

CloudFlare can help with this because it can monitor when users are trying an attack and reject access, or require a captcha challenge to gain access. It also monitors all of its customers for this, so if there is an attack happening on another CloudFlare site, it can protect yours from the traffic attacking the site as well.

It is a difficult problem to solve. Sometimes traffic just spikes when a big news article is run. It is hard to tell when it's legitimate traffic and when it is an attack. For this, CloudFlare offers multiple levels of DoS protection.

On the CloudFlare settings, the Security tab is where you can configure this advanced protection:

The basic settings are rolled into the Basic protection level setting:

SQL injection

SQL injection is a more involved attack. On a web page, you may have a field like a username/password field. That field will probably be checked against a database for validity.

The database queries to do this are simple text strings. This means that if the query is written in a way that doesn’t explicitly prevent it, an attacker can start writing their own queries.

A site that is not equipped to handle these cases would be susceptible to hackers destroying data, gaining access by pretending to be other users, or accessing data they otherwise would not have access to.

It is a difficult problem to check against when building software. Even big companies have had issues.

CloudFlare mitigates this by looking for requests containing things that look like database queries. Almost no websites take in raw database commands as normal queries. This means that CloudFlare can search for suspicious traffic and prevent it from accessing your page.
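The difference between a query that form input can rewrite and one it cannot, shown as an added example that is not from the original article. It uses Python's sqlite3 module; the table, the account and the function names are assumptions made for the illustration.

```python
import sqlite3

def make_db():
    """In-memory user table holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'constructed-hash-1')")
    return db

def login_concatenated(db, username, password_hash):
    """Vulnerable: form input is pasted into the query text."""
    query = ("SELECT COUNT(*) FROM users WHERE username = '" + username +
             "' AND password_hash = '" + password_hash + "'")
    return db.execute(query).fetchone()[0] > 0

def login_parameterized(db, username, password_hash):
    """Hardened: input is bound as data and is never parsed as SQL."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password_hash = ?"
    return db.execute(query, (username, password_hash)).fetchone()[0] > 0

# Constructed input: the quote ends the string literal, the rest is read as SQL.
HOSTILE = "' OR '1'='1"

def compare():
    """Run the same inputs through both versions and collect the outcomes."""
    db = make_db()
    return {
        "concatenated, correct hash": login_concatenated(db, "alice", "constructed-hash-1"),
        "concatenated, hostile input": login_concatenated(db, "alice", HOSTILE),
        "parameterized, correct hash": login_parameterized(db, "alice", "constructed-hash-1"),
        "parameterized, hostile input": login_parameterized(db, "alice", HOSTILE),
    }

if __name__ == "__main__":
    for case, accepted in compare().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```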

Cross-site scripting

Cross-site scripting is similar to SQL injection except that it deals with JavaScript and not database SQL. If you have a site that has comments, for example, an unprotected site might allow a hacker to put their own JavaScript on it. Any other user of the site could then execute that JavaScript in their browser, and the script could do things like sniff for passwords, or even credit card information.

CloudFlare prevents this in a similar fashion by looking for requests that contain JavaScript and blocking them.
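The kind of request inspection described here and in the SQL injection section, shown as an added example; it is not CloudFlare's code or rule set. The signatures and the sample query strings are constructed for the illustration, and the last sample is a legitimate search that still trips a rule.

```python
import re
from urllib.parse import unquote_plus

# Constructed signatures for illustration only.
SQL_PATTERNS = [
    re.compile(r"\bunion\b.+\bselect\b", re.I),
    re.compile(r"'\s*(or|and)\s+'?\w+'?\s*=\s*'?\w+", re.I),
    re.compile(r";\s*(drop|delete|insert|update)\b", re.I),
]
SCRIPT_PATTERNS = [
    re.compile(r"<\s*script\b", re.I),
    re.compile(r"javascript\s*:", re.I),
]

def inspect(query_string):
    """Return the sorted rule families that a raw query string matches."""
    decoded = unquote_plus(query_string)  # match on what the application will see
    hits = []
    if any(p.search(decoded) for p in SQL_PATTERNS):
        hits.append("sql")
    if any(p.search(decoded) for p in SCRIPT_PATTERNS):
        hits.append("script")
    return sorted(hits)

# Constructed sample requests.
SAMPLES = [
    "user=alice&page=2",
    "user=%27+OR+%271%27%3D%271",
    "comment=%3Cscript%3Ealert(1)%3C%2Fscript%3E",
    "q=how+to+write+a+union+select+in+sql",  # ordinary search on a SQL help site
]

def classify_samples():
    """Map each sample to 'allow' or 'challenge' plus the families it matched."""
    report = []
    for qs in SAMPLES:
        hits = inspect(qs)
        report.append((qs, "challenge" if hits else "allow", hits))
    return report

if __name__ == "__main__":
    for qs, action, hits in classify_samples():
        print(f"{action:9} {hits!s:12} {qs}")
```

A match is a signal rather than proof, which is why the fourth sample is flagged; the application still has to treat input as data on its own side.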

Open ports

Often, services on a server are reachable without the sysadmin knowing about it. If Telnet is allowed, for example, an attacker could simply log in to the system and start checking out source code, looking into the database, or taking down the website.

CloudFlare acts as a firewall to ensure that the ports are blocked even if the server has them open.

Challenge page

When CloudFlare receives a request from a suspect user, it will usually show a challenge page asking the user to fill out a captcha to access the site. The options for customizing these settings are on the Security Settings tab:

You can also configure how that page looks by clicking on Customize. By default, it will look something like the following:

E-mail address obfuscation

E-mail address obfuscation scrambles any e-mail addresses on your page, then runs some JavaScript to decode them so that the text ends up being readable. This is nice in order to avoid getting spam in your users' e-mails, but the downside is that if a user has JavaScript disabled, they will not be able to read e-mail addresses.
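How the scramble-then-decode step can work, as an added example that is not from the original article. The single-byte XOR scheme, the `data-obf` attribute and the placeholder text are hypothetical and are not claimed to be CloudFlare's format; `decode()` stands in for the JavaScript that would run in the browser.

```python
import re

# Matches addresses in page text; constructed for this example.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
KEY = 0x5A  # constructed key byte for the hypothetical scheme

def encode(address, key=KEY):
    """Hex string: the key byte, then each address byte XORed with it."""
    body = "".join("%02x" % (b ^ key) for b in address.encode("utf-8"))
    return "%02x" % key + body

def decode(blob):
    """Inverse of encode(); the browser-side script would do the same."""
    raw = bytes.fromhex(blob)
    return bytes(b ^ raw[0] for b in raw[1:]).decode("utf-8")

def obfuscate_html(html):
    """Swap each address in text for a span whose content is a placeholder."""
    def repl(match):
        blob = encode(match.group(0))
        return '<span data-obf="%s">[e-mail hidden]</span>' % blob
    return EMAIL_RE.sub(repl, html)

def recover(html):
    """Decode every placeholder, as the page script would after loading."""
    return [decode(b) for b in re.findall(r'data-obf="([0-9a-f]+)"', html)]

# Constructed page fragment (addresses in text only, no mailto: links).
PAGE = "<p>Contact support@example.com or sales@example.com.</p>"

if __name__ == "__main__":
    served = obfuscate_html(PAGE)
    print(served)           # what a scraper, or a browser without JavaScript, gets
    print(recover(served))  # what the reader sees once the script has run
```

The served markup contains no `@` at all, so a harvester matching address patterns in raw HTML finds nothing; this is obfuscation rather than secrecy, since anything that runs the decode step gets the address back.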

Summary

In this article, we have looked at the various security features provided by CloudFlare against malicious traffic, distributed denial of service, e-mail address obfuscation, and so on. Therefore, it can be concluded that CloudFlare is one of the better website-designing options available in the market today.
