CloudFlare

Customer support forums for Atomic Protector (formerly Atomic Secured Linux). There is no such thing as a bad question here as long as it pertains to using Atomic Protector. Newbies feel free to get help getting started or asking questions that may be obvious. Regular users are asked to be gentle. :-)
User avatar
webfeatus
Forum Regular
Forum Regular
Posts: 196
Joined: Wed Jan 13, 2010 9:11 am
Location: Bali

CloudFlare

Unread post by webfeatus »

Does anyone have time to explain how ASL can interface with CloudFlare: https://www.cloudflare.com/features-cdn

I have set up the API key under ASL Web.
What does this provide me with?
How can I check that this API interface is configured correctly and is working?

To what extent is ASL protection extended under the CloudFlare network?
Should I be considering one of the CloudFlare paid options in order to achieve the same level of protection that ASL provides on my hosting server?

Any help will be appreciated.
They say that good intentions, pave the road to hell;
If a thing is not worth doing, it's not worth doing well.
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: CloudFlare

Unread post by scott »

The intent of that feature is to extend the firewall blocking into the CDN.

Why this is important: When operating behind any CDN, an attacker is being relayed through the CDN provider. That means that the IP that connects to you is the CDN IP, and not the attackers IP.

The effect is that the CDN prevents you from blocking an attacker. They are able to continue to attack the system unimpeded.

Some CDNs, like cloudflare, allow you to push block rules from your server up to the CDN, and thats what this feature does. Depending on the type of account you have with the Cloudflare you are limited to a fixed number of blocks. I believe the basic subscription only allows 200, and the higher end enterprise subscriptions go to 2500.
User avatar
webfeatus
Forum Regular
Forum Regular
Posts: 196
Joined: Wed Jan 13, 2010 9:11 am
Location: Bali

Re: CloudFlare

Unread post by webfeatus »

From Support Engineer | CloudFlare:
The ASL WAF should be just as effective behind CloudFlare, unless these are IP based rules. Because all connections to your server will be from a CloudFlare IP, and IP based rules will not work as you expect. Any rules created that check HTTP headers should be fine.

Do I still have the same level of protection with CloudFlare as I would have on my hosting server using ASL?
They say that good intentions, pave the road to hell;
If a thing is not worth doing, it's not worth doing well.
prupert
Forum Regular
Forum Regular
Posts: 573
Joined: Tue Aug 01, 2006 2:45 pm
Location: Netherlands

Re: CloudFlare

Unread post by prupert »

webfeatus wrote:Do I still have the same level of protection with CloudFlare as I would have on my hosting server using ASL?
There is some overlap in the protection offered by the CloudFlare Web Application Firewall and the ASL Web Application Firewall. However, ASL is much more than the WAF alone, and the ASL WAF itself is more advanced than CloudFlare's WAF.
Lemonbit Internet Dedicated Server Management
User avatar
webfeatus
Forum Regular
Forum Regular
Posts: 196
Joined: Wed Jan 13, 2010 9:11 am
Location: Bali

Re: CloudFlare

Unread post by webfeatus »

I only have their free package.
https://www.cloudflare.com/plans/

Are these ASL components still in operation?
Web Application Firewall
Denial of Service Protection

Or do I need to sign up?
Web application firewall (WAF), with built-in CloudFlare rule set
OWASP ModSecurity Core Rule Set
See: https://www.cloudflare.com/waf/
They say that good intentions, pave the road to hell;
If a thing is not worth doing, it's not worth doing well.
Post Reply