What is Cloudflare? How To Set Up Cloudflare and Features of Cloudflare



This post has been created to give you all the information you need to get set up with CloudFlare. You will learn the basics of CloudFlare, make your site perform faster, and discover some tips and tricks for using CloudFlare. "What is CloudFlare?" looks at what CloudFlare actually is, what you can do with it, and why it's so great.
"Installation" teaches you how to set up CloudFlare with the minimum fuss so that you can use it as soon as possible. "Quick start" shows you how to perform one of the core tasks of CloudFlare: making your site work faster.
"Top 5 features you need to know about" explains how to perform five tasks with the most important security features of CloudFlare. By the end of that section you will be able to secure your site with CloudFlare.

What is CloudFlare?

CloudFlare is a service that webmasters can use to provide better performance and higher security on their websites. High performance websites lead to higher visitor engagement, retention, and conversions. CloudFlare has various tools to help speed up your website. Usually the best way to increase a website's performance is with a Content Delivery Network (CDN). In order to understand how CloudFlare optimizes the performance, it's important to first understand how a CDN works. 

Why use a CDN?

A CDN allows content to be served up quickly because its servers are located closer to the end user. It also helps take load off the application servers, which makes the experience better for end users and saves server resources. It's an important part of any website. If you want your website to load fast and scale well, then it's a necessity.

CloudFlare techniques to optimize web pages


•SPDY support: SPDY is a new protocol designed to be much faster than HTTP at transporting web content.

•Railgun: This is a compressor used to reduce the data needed to deliver content.

•Preloading: CloudFlare can be configured to preload content that's used often before the user reaches a page that requires it.

•Rocket Loader: This ensures that loading external resources doesn't pause the loading of the rest of the page. It can also be configured to combine multiple JavaScript and CSS files into one.

•AutoMinify: This compresses HTML, CSS, and JavaScript to reduce file size and improve client-side performance.

•Local storage caching: This leverages the browser's local storage to be used as a local cache for objects.

•Cache header optimization: This adjusts cache information on request, so browsers will correctly cache the content.

•Aggressive GZIP: GZIP compresses data across a network. Some gateways and firewalls will incorrectly notify upstream servers that GZIP is not supported. CloudFlare works despite this and ensures that GZIP is supported where it is available.

•Browser optimization: This ensures that images and content are served in the most efficient way possible. For instance, serving images specific to mobile only when accessed by a mobile device.

•Page prerendering: This starts loading a new page when hovering over links to them.

How To Install Cloudflare

In order to use CloudFlare, you'll need to have a domain and also access to change the DNS nameservers for it. It should not result in any downtime for your site. First, we will add the site in CloudFlare and let it scan our DNS entries. After that completes, we will have to ensure that the DNS entries are valid by cross-referencing them with our current DNS server. Finally, we will move the nameservers over to CloudFlare.

Step 1 – getting CloudFlare set up

Getting CloudFlare set up is pretty simple as compared to most DNS providers. However, the terms used on the Internet to describe DNS are old, and as such, not the easiest to digest when you're new to them. The following are the important concepts behind DNS: 

•IP address: IP addresses are numeric addresses for computers. It's similar to a street address, and it tells computers where other computers are. When you go to any site, it's through an IP address. They usually look something like this: 74.125.224.72. In fact, that's actually Google's IP address; try typing it into your browser. 

•Domain Name System (DNS): DNS describes the entire process of making domain names route to IP addresses. For example, how www.google.com becomes 74.125.224.72. 

•Nameserver: This is a part of the DNS system that routes domain names to their IP addresses. 

•Domain name registrar: This is the server that tells us which nameservers are used with what domain. This is different than the nameserver. In our case, the domain name registrar will be the place we registered the domain (GoDaddy, Namecheap, and so on) and the nameserver will be CloudFlare. 

•DNS record: This is an individual part of a domain's DNS. DNS records allow you to have things like subdomains (for example, plus.google.com points to a different server than www.google.com). It also allows you to have an e-mail on the same domain as a website. The following is a list of the most common DNS record types: 

•A record: It uses a name to point to a specific IP address (for www.google.com it is 74.125.224.72)

•CNAME record: This points a name to another name (for www.google.com it is google.com)

•Mail Exchanger (MX) record: This defines whether a mail server needs to receive any e-mails sent to the domain.

•Zone file: This is a list of DNS records. In our case, CloudFlare will contain the zone file for our domain. 

•Time To Live (TTL): It defines how long a computer should remember a DNS record before asking again. 

•Text (TXT): This is often used to add verification codes, anti-spam techniques, and other arbitrary text. It doesn't affect the domain's connectivity. 

Step 2 – adding DNS information to CloudFlare 

First create a CloudFlare account at www.cloudflare.com. Also, log in to your DNS provider and go to the DNS configuration page. This is most likely your domain registrar (GoDaddy, Namecheap, and so on), unless you have changed it. On my current DNS provider (Namecheap), this is the All Host Records tab. You should see things like A, CNAME, and MX records. Begin the DNS transfer at https://www.cloudflare.com/my-websites. Fill in the textbox with your domain name and click on Add website: 

Now CloudFlare is doing a scan of your DNS information so that it will be able to serve the traffic from CloudFlare's nameservers: 
Click on Continue setup once that is completed. 

Step 3 – verifying DNS configuration

You will now be at the DNS configuration screen: 
CloudFlare has grabbed all your DNS records from your current host. We call this a zone file. Each row here represents a different DNS record. Let's take a moment to analyze what each column of this table means: 

•Type: DNS record type (A, CNAME, MX, or TXT) 

•Name: The subdomain that will match to that record 

•Value: When a client requests a given name, this is the response they will receive. In the case of an A record, for example, it will return the IP address of the website. 

•TTL: Time to live defines how long the client will cache the record. Automatic is usually best here. 

•Active: This defines whether the request will be routed through CloudFlare for optimization or not.

Let me also bring up my current DNS configuration on my domain registrar. Here, we use Namecheap, so yours will look different depending on which you're currently with. You'll see that this zone file is very simple. If it had more than just a single A record, I would want to make sure that it is included in CloudFlare's zone file before we switch over to use CloudFlare.

What is interesting here is that there are a few records that I have not specified in my old zone file that CloudFlare has added. They are as follows: 

•direct: CloudFlare provides a direct subdomain to access your site. This can be helpful in case you're having issues with CloudFlare. If I were to access direct.abc.com instead of abc.com, I would be directly accessing my site without going through CloudFlare. This can be helpful if you need to use FTP or for debugging. 

•www: This CNAME allows users to access abc.com through www.abc.com as well. It works like a redirect by saying that anything requesting www will receive the A record. 

•mx: Since there was no mail server, CloudFlare added this record to allow mail to be received by the same web server at the A record. 
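One way to do the cross-check described in this step, as an added example that is not part of the original post: the script compares the records from the old DNS provider with the ones CloudFlare imported, and lists names with Active off that point at the same address as a proxied name (such as direct), since those reveal the origin server's IP. The record rows, the 203.0.113.x addresses and the on/off column layout are constructed for illustration.

```python
# Added example: cross-check the old provider's records against CloudFlare's import.
# All records are constructed samples (203.0.113.0/24 is a documentation range).
OLD_ZONE = """
abc.com.       A    203.0.113.10
mail.abc.com.  A    203.0.113.20
abc.com.       MX   10 mail.abc.com.
abc.com.       TXT  "v=spf1 mx -all"
"""
# Constructed stand-in for the CloudFlare DNS screen; last column is Active (on/off).
CF_ZONE = """
abc.com.         A      203.0.113.10  on
direct.abc.com.  A      203.0.113.10  off
www.abc.com.     CNAME  abc.com.      on
abc.com.         MX     10 abc.com.   off
"""

def parse(text, has_active=False):
    """Map (name, type) -> list of (value, active) from whitespace-separated rows."""
    records = {}
    for line in text.strip().splitlines():
        parts = line.split()
        active = parts.pop() == "on" if has_active else None
        key = (parts[0].lower(), parts[1].upper())
        records.setdefault(key, []).append((" ".join(parts[2:]), active))
    return records

def compare(old, new):
    """Return (missing, changed, added) record keys relative to the old zone."""
    values = lambda recs: {value for value, _ in recs}
    missing = sorted(k for k in old if k not in new)
    changed = sorted(k for k in old if k in new and values(old[k]) != values(new[k]))
    added = sorted(k for k in new if k not in old)
    return missing, changed, added

def unproxied_origin_names(new):
    """Names with Active off that resolve to an address CloudFlare is proxying."""
    a_rows = [(name, value, active) for (name, rtype), recs in new.items()
              if rtype == "A" for value, active in recs]
    proxied = {value for _, value, active in a_rows if active}
    return sorted(name for name, value, active in a_rows
                  if not active and value in proxied)

if __name__ == "__main__":
    old, new = parse(OLD_ZONE), parse(CF_ZONE, has_active=True)
    missing, changed, added = compare(old, new)
    print("missing from CloudFlare:", missing)
    print("value differs:", changed)
    print("added by CloudFlare:", added)
    print("bypass CloudFlare, reveal origin IP:", unproxied_origin_names(new))
```

Anything reported as missing or changed should be fixed in CloudFlare's zone file before the nameservers are switched.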

How to configure CloudFlare features

Now that we have the DNS configured in CloudFlare, we can enable the features that CloudFlare provides. 

Step 1 – configuring initial settings 

We'll be welcomed with a screen allowing us to set some initial settings. I suggest setting Performance to CDN only (safest) at first, and Security to Medium. Feel free to read through the various options to decide what you would like. The reason I suggest the lowest level of performance is that you don't yet know how your site will react to CloudFlare. Click on Continue when done. 

Step 2 – switching nameservers to CloudFlare 

Now we are at the step where we need to change our domain registrar's nameserver settings over to CloudFlare. Now I need to go to my registrar and set the nameservers to anna.ns.cloudflare.com and dave.ns.cloudflare.com. The nameservers that CloudFlare needs you to use may be different from mine: 

And that's it. You should receive an e-mail when the nameservers are transferred. It might take up to 24 hours, but it usually happens within a couple of minutes. To check if your site is working, I suggest the Claire plugin for Google Chrome, available at https://chrome.google.com/webstore/detail/fgbpcgddpmjmamlibbaobboigaijnmkl. It will show an icon when you're browsing a CloudFlare site. It should turn orange if the site has CloudFlare enabled, along with the features that it is using.

Step 3 – configuring performance settings

Now that we've got CloudFlare up and running, let's take a look at the performance settings and figure out how to tune them best for your site. To get to the performance settings page, go to CloudFlare settings on your CloudFlare dashboard: 

Now click on the Performance settings tab to see the different options available to you. The first option you'll see on this page is the Performance profile setting: 

I don't recommend using this setting. It sets the individual settings, shown in the following screenshot, to either a more aggressive caching profile or a more stable profile. I suggest you read each of the individual settings and set them to what will work for your website instead.

Step 4 – configuring e-mail

Now that we have the website working, let's get our e-mail configured. If you don't need e-mail on your domain, you can skip this section. If you don't currently have a mail server configured, the easiest way to do so is by setting up Google Apps for domains. At the time of writing this post, Google offers a free plan for up to 10 users. Follow the instructions for your mail provider, and then ensure that your MX records are set appropriately in CloudFlare's zone file.

Once you do that, there are a couple of other configuration steps you will need to complete in order to ensure deliverability. Deliverability is a measure of how likely it is for e-mails that are sent from your domain to get stuck in spam filters. The two best ways to ensure that this does not happen are to set your SPF and DKIM records appropriately.
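What "set appropriately" involves for SPF, as an added example that is not part of the original post: a small linter for the TXT records of one domain that flags the usual SPF mistakes (no record, two records, an open +all, too many DNS lookups). The one-record rule and the limit of 10 lookups come from RFC 7208; the sample records and the spf.mailhost.example name are constructed, and DKIM is not covered.

```python
# Added example: lint one domain's TXT records for common SPF mistakes (RFC 7208).
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}  # each costs a DNS lookup

def lint_spf(txt_records):
    """Return a list of problems; an empty list means no common mistake was found."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record published"]
    if len(spf) > 1:
        return ["more than one SPF record: receivers treat this as a permanent error"]
    problems, lookups, all_qualifier, has_redirect = [], 0, None, False
    for term in spf[0].lower().split()[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"  # default qualifier is "+"
        bare = term.lstrip("+-~?")
        mechanism = bare.split(":")[0].split("/")[0]
        if bare.startswith("redirect="):
            has_redirect, lookups = True, lookups + 1
        elif mechanism in LOOKUP_MECHANISMS:
            lookups += 1
        elif mechanism == "all" and all_qualifier is None:
            all_qualifier = qualifier
    if lookups > 10:
        problems.append(f"{lookups} DNS lookups: the limit is 10")
    if all_qualifier == "+":
        problems.append("+all authorizes every server to send as this domain")
    elif all_qualifier == "?":
        problems.append("?all is neutral: unlisted senders are not rejected")
    elif all_qualifier is None and not has_redirect:
        problems.append("no 'all' term: unlisted senders get a neutral result")
    return problems

# Constructed sample TXT record sets (spf.mailhost.example is a placeholder name).
SAMPLES = {
    "good": ["v=spf1 include:spf.mailhost.example -all", "site-verification=abc123"],
    "open": ["v=spf1 mx +all"],
    "duplicate": ["v=spf1 mx -all", "v=spf1 include:spf.mailhost.example ~all"],
    "missing": ["site-verification=abc123"],
}

if __name__ == "__main__":
    for label, records in SAMPLES.items():
        print(label, "->", lint_spf(records) or "ok")
```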

Top 5 features of Cloudflare 

Here we will go over the various security, performance, and monitoring features CloudFlare has to offer. 

Malicious traffic

Any website is susceptible to attacks from malicious traffic. Some attacks might try to take down a targeted website, while others may try to include their own spam. Worse attacks might even try to trick your users into providing information, or compromise user accounts. CloudFlare has tools available to mitigate various types of attacks.

Distributed denial of service

A common attack on the Internet is the distributed denial-of-service (DDoS) attack. A distributed denial-of-service attack involves producing so many requests for a service that it cannot fulfill them, and crumbles under the load. A common way this is done in practice is for the attacker to make a server request but never listen for the response. Normally the client sends a response notifying the server that it received the data, but if a client does not acknowledge, the server will keep trying for quite a while.

A single client could send thousands of these requests per second, but the server would not be able to handle many at once. Another twist to these attacks is the dynamic denial-of-service attack. This attack will be spread across many machines, making it difficult to tell where the attacks are coming from. CloudFlare can help with this because it can monitor when users are trying an attack and reject access, or require a captcha challenge to gain access. 

It also monitors all of its customers for this, so if there is an attack happening on another CloudFlare site, it can protect yours from the traffic attacking that site as well. It is a difficult problem to solve. Sometimes traffic just spikes when a big news article is run. It is hard to tell when it's legitimate traffic and when it is an attack. For this, CloudFlare offers multiple levels of DoS protection. The Security tab in the CloudFlare settings is where you can configure this advanced protection.

SQL injection

SQL injection is a more involved attack. On a web page, you may have a field like a username/password field. That field will probably be checked against a database for validity. The database queries to do this are simple text strings. This means that if the query is written in a way that doesn't explicitly prevent it, an attacker can start writing their own queries.

A site that is not equipped to handle these cases would be susceptible to hackers destroying data, gaining access by pretending to be other users, or accessing data they otherwise would not have access to. It is a difficult problem to check against when building software. Even big companies have had issues. CloudFlare mitigates this by looking for requests containing things that look like database queries. Almost no websites take in raw database commands as normal queries. This means that CloudFlare can search for suspicious traffic and prevent it from accessing your page.
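The login check described above, written once with the query built as a text string and once with a parameterized query, as an added example that is not part of the original post. The table, the user and the function names are constructed, and the password is stored in plaintext only to keep the query short.

```python
# Added example: the same login check, vulnerable and fixed (constructed schema/data).
import sqlite3

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    return db

def login_vulnerable(db, username, password):
    # The input becomes part of the SQL text, so a quote in it changes the query.
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone() is not None

def login_safe(db, username, password):
    # Placeholders pass the values separately; they are never parsed as SQL.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"  # classic textbook input that rewrites the WHERE clause
    print("vulnerable, crafted password:", login_vulnerable(db, "alice", crafted))
    print("safe, crafted password:      ", login_safe(db, "alice", crafted))
    print("safe, real password:         ", login_safe(db, "alice", "correct horse"))
    try:
        login_vulnerable(db, "o'brien", "x")  # a legitimate apostrophe breaks it too
    except sqlite3.OperationalError as err:
        print("vulnerable, name with apostrophe:", err)
```

A filter in front of the site, like the one CloudFlare applies, reduces how much of this traffic arrives, but the parameterized query is what removes the flaw.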

Cross-site scripting 

Cross-site scripting is similar to SQL injection except that it deals with JavaScript and not database SQL. If you have a site that has comments, for example, an unprotected site might allow a hacker to put their own JavaScript on it. Any other user of the site could execute that JavaScript. They could do things like sniff for passwords, or even credit card information. CloudFlare prevents this in a similar fashion by looking for requests that contain JavaScript and blocking them.

Open ports 

Often, services available on a server can be available without the sysadmin knowing about it. If Telnet is allowed, for example, an attacker could simply log in to the system and start checking out source code, looking into the database, or taking down the website. CloudFlare acts as a firewall to ensure that the ports are blocked even if the server has them open. 

Challenge page 

When CloudFlare receives a request from a suspect user, it will usually show a challenge page asking the user to fill out a captcha to access the site. The options for customizing these settings are on the Security Settings tab:

You can also configure how that page looks by clicking on Customize.

E-mail address obfuscation

E-mail address obfuscation scrambles any e-mail addresses on your page, then runs some JavaScript to decode it so that the text ends up being readable. This is nice in order to avoid getting spam in your user's e-mails, but the downside is that if a user has JavaScript disabled, they will not be able to read e-mail addresses: 

Server side exclude

If there is any content you really don't want suspicious users to see, you can wrap it in the <!--sse--> tags to hide it:

Browser integrity check

A browser integrity check will analyze the HTTP headers to see if the user appears suspicious. I suggest enabling this as another method to look for potentially suspicious users: 

Hotlink protection

Hotlink protection ensures that your images cannot be easily stolen and put on another site via hotlinks. The users will still be able to download the images and rehost them, but would not be able to use your site to do so: 
The only reason to enable this would be to prevent server costs of hosting images on a high-traffic site. However, CloudFlare should optimize images, making this a somewhat minor security feature.

Threat control

The threat control part of CloudFlare allows you to see the individuals that are getting blocked and see more information about them: 
Here I can see all the spammers and botnet zombies that have come to my site. By hovering over the CHALLENGED text, I can also see that they all had reached a captcha, but did not pass it. If I were to notice that a user was hitting the same captcha and passing it, I might want to whitelist their IP by clicking on TRUST. I could also add in a range of IPs that I wanted to trust.

SSL configuration

If you have any sort of login/authentication on your website, having SSL configured is an absolutely necessary security step you will have to take.
