Does anyone have time to explain how ASL can interface with CloudFlare: https://www.cloudflare.com/features-cdn
I have set up the API key under ASL Web.
What does this provide me with?
How can I check that this API interface is configured correctly and is working?
To what extent is ASL protection extended under the CloudFlare network?
Should I be considering one of the CloudFlare paid options in order to achieve the same level of protection that ASL provides on my hosting server?
Any help will be appreciated.
CloudFlare
CloudFlare
They say that good intentions, pave the road to hell;
If a thing is not worth doing, it's not worth doing well.
If a thing is not worth doing, it's not worth doing well.
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: CloudFlare
The intent of that feature is to extend the firewall blocking into the CDN.
Why this is important: When operating behind any CDN, an attacker is being relayed through the CDN provider. That means that the IP that connects to you is the CDN IP, and not the attackers IP.
The effect is that the CDN prevents you from blocking an attacker. They are able to continue to attack the system unimpeded.
Some CDNs, like cloudflare, allow you to push block rules from your server up to the CDN, and thats what this feature does. Depending on the type of account you have with the Cloudflare you are limited to a fixed number of blocks. I believe the basic subscription only allows 200, and the higher end enterprise subscriptions go to 2500.
Why this is important: When operating behind any CDN, an attacker is being relayed through the CDN provider. That means that the IP that connects to you is the CDN IP, and not the attackers IP.
The effect is that the CDN prevents you from blocking an attacker. They are able to continue to attack the system unimpeded.
Some CDNs, like cloudflare, allow you to push block rules from your server up to the CDN, and thats what this feature does. Depending on the type of account you have with the Cloudflare you are limited to a fixed number of blocks. I believe the basic subscription only allows 200, and the higher end enterprise subscriptions go to 2500.
Re: CloudFlare
From Support Engineer | CloudFlare:
The ASL WAF should be just as effective behind CloudFlare, unless these are IP based rules. Because all connections to your server will be from a CloudFlare IP, and IP based rules will not work as you expect. Any rules created that check HTTP headers should be fine.
Do I still have the same level of protection with CloudFlare as I would have on my hosting server using ASL?
The ASL WAF should be just as effective behind CloudFlare, unless these are IP based rules. Because all connections to your server will be from a CloudFlare IP, and IP based rules will not work as you expect. Any rules created that check HTTP headers should be fine.
Do I still have the same level of protection with CloudFlare as I would have on my hosting server using ASL?
They say that good intentions, pave the road to hell;
If a thing is not worth doing, it's not worth doing well.
If a thing is not worth doing, it's not worth doing well.
Re: CloudFlare
There is some overlap in the protection offered by the CloudFlare Web Application Firewall and the ASL Web Application Firewall. However, ASL is much more than the WAF alone, and the ASL WAF itself is more advanced than CloudFlare's WAF.webfeatus wrote:Do I still have the same level of protection with CloudFlare as I would have on my hosting server using ASL?
Lemonbit Internet Dedicated Server Management
Re: CloudFlare
I only have their free package.
https://www.cloudflare.com/plans/
Are these ASL components still in operation?
Web Application Firewall
Denial of Service Protection
Or do I need to sign up?
Web application firewall (WAF), with built-in CloudFlare rule set
OWASP ModSecurity Core Rule Set
See: https://www.cloudflare.com/waf/
https://www.cloudflare.com/plans/
Are these ASL components still in operation?
Web Application Firewall
Denial of Service Protection
Or do I need to sign up?
Web application firewall (WAF), with built-in CloudFlare rule set
OWASP ModSecurity Core Rule Set
See: https://www.cloudflare.com/waf/
They say that good intentions, pave the road to hell;
If a thing is not worth doing, it's not worth doing well.
If a thing is not worth doing, it's not worth doing well.