banner
年糕

年糕日记

此站为备份站点,最新文章请访问 oior.net
telegram
email
HomeArchives

Free version of Cloudflare anti-CC simple settings

#CloudFlare#CC119
AI Translation
This post is translated from Chinese into English through AI.View Original
AI-generated summary
Cloudflare is a global content delivery network (CDN) service provider that improves network performance and security. It uses a network of distributed nodes to provide fast and secure network services. Cloudflare offers services such as threat protection, content optimization, caching, and load balancing. It also provides security measures to protect against malicious access and attacks. The setup process is simple and can defend against millions or billions of attacks. Users need to configure their domain to use Cloudflare's DNS and enable proxy status. They can then set up security measures, including IP blacklisting, DDoS attack protection, automated bot protection, and rate limiting rules. Finally, users should disable onion routing and restart their servers after setting up Cloudflare's rules. Overall, Cloudflare is a reliable and free service that should be used responsibly to avoid misuse and potential cancellation.

Cloudflare is a global content delivery network (CDN) service provider used to accelerate networks and improve network performance and security services. Cloudflare uses a distributed network of nodes to provide fast and secure network services. Its services extend to over 200 countries and regions, supporting up to 200,000 websites. Cloudflare provides many excellent services, including threat protection, content optimization, anti-caching, load balancing, etc. It also offers security interception to block malicious access and attacks, protecting user content and data security.

The following operations are all foolproof operations, very simple, just click the mouse casually. But the defense effect is good, even if it exceeds millions/billions of attacks, ordinary VPS can withstand it!

Configuration

First, connect the domain name to Cloudflare, do DNS resolution well, and enable proxy status (that is, light up the orange cloud when resolving). If you have previously set up WAF (firewall rules/rate limiting rules/hosting rules/tools, as well as security page rules) according to other tutorials, please disable it, otherwise it may affect the priority of the rules set below!

Make sure there are no problems with the above, then we can start.

  1. Open the Cloudflare official website and log in, click on the website to be protected, and find security.

1

Click on settings in the security column, and set it according to the following picture. The main purpose here is to intercept those IP blacklists.

CF→Security→Settings→Set security level to: High (do not enable I'm Under Attack!, because this will require human verification for any request, wait for 5 seconds.)
Set Challenge Passage Period to: 15 minutes or 30 minutes, and set it to 5 minutes for severe cases.
Browser Integrity Check: Enable

2

  1. Open Security→DDOS→HTTP DDoS Attack Protection, and click on configure on the right.

3

Set Alternative Name (required) to: Any name
Set Rule Set Action (required) to: Hosted Challenge or Block Directly (choose Block when under attack)
Set Rule Set Sensitivity (required) to: High

4

  1. Open Security→Bot Fight Mode: Enable Bot Fight Mode

5

  1. Open Security→WAF→Rate Limiting Rules, and create a rate limiting rule.

6

The rule is as follows:

7

Finally, it is recommended to fill in a request value of 35 or more for When the rate exceeds..., otherwise it will affect normal user access. For text and image blog websites, it is recommended to use 50 or more. If you are using the paid version of Cloudflare, it is recommended to use Hosted Challenge instead of blocking directly.

  1. Open Network→Onion Routing, and turn it off.

8

Finally, after setting the Cloudflare rules, wait for one or two minutes and then restart the server to disconnect existing connections.

Summary

Cloudflare is an excellent vendor that provides defense for free and does not limit user traffic. However, we must make good use of it. There are too many free and easy-to-use products that cannot withstand abuse and are canceled. I hope Cloudflare will not become the next one to be canceled!

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.