
CloudFlare

Posted: Mon Oct 19, 2015 1:14 am
by webfeatus
Does anyone have time to explain how ASL can interface with CloudFlare: https://www.cloudflare.com/features-cdn

I have set up the API key under ASL Web.
What does this provide me with?
How can I check that this API interface is configured correctly and is working?

To what extent is ASL protection extended under the CloudFlare network?
Should I be considering one of the CloudFlare paid options in order to achieve the same level of protection that ASL provides on my hosting server?

Any help will be appreciated.

Re: CloudFlare

Posted: Mon Oct 19, 2015 1:32 pm
by scott
The intent of that feature is to extend the firewall blocking into the CDN.

Why this is important: When operating behind any CDN, an attacker is being relayed through the CDN provider. That means that the IP that connects to you is the CDN IP, and not the attacker's IP.

The effect is that the CDN prevents you from blocking an attacker. They are able to continue to attack the system unimpeded.

Some CDNs, like CloudFlare, allow you to push block rules from your server up to the CDN, and that's what this feature does. Depending on the type of account you have with CloudFlare, you are limited to a fixed number of blocks. I believe the basic subscription only allows 200, and the higher end enterprise subscriptions go to 2500.
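
An added example, not part of the post above and not ASL's own code: it attributes WAF denials to the real client when the peer is a CDN relay, then picks the block candidates that fit under a rule cap such as the 200 mentioned above. It assumes the `CF-Connecting-IP` request header that CloudFlare sets on relayed requests; the CDN range, event tuples and function names are constructed placeholders.

```python
import ipaddress
from collections import Counter

# Assumption: placeholder CDN egress range (RFC 5737 documentation block).
# In production, load the ranges your CDN publishes.
TRUSTED_CDN_NETS = [ipaddress.ip_network("198.51.100.0/24")]

# Constructed sample events: (connecting peer IP, CF-Connecting-IP header, WAF action)
SAMPLE_EVENTS = [
    ("198.51.100.7", "203.0.113.50", "deny"),
    ("198.51.100.7", "203.0.113.50", "deny"),
    ("198.51.100.9", "203.0.113.50", "deny"),
    ("198.51.100.9", "203.0.113.77", "deny"),
    ("198.51.100.7", "203.0.113.10", "allow"),
    ("192.0.2.44", "203.0.113.10", "deny"),  # direct hit: header is untrusted
    ("198.51.100.7", "not-an-ip", "deny"),   # relayed, malformed header
]


def real_client_ip(peer, header):
    """Return the address to attribute a request to, or None if unusable."""
    peer_ip = ipaddress.ip_address(peer)
    if not any(peer_ip in net for net in TRUSTED_CDN_NETS):
        # Not relayed by the CDN: the peer is the client, and any
        # client-IP header it sent could be forged, so ignore it.
        return str(peer_ip)
    try:
        return str(ipaddress.ip_address(header.strip()))
    except (ValueError, AttributeError):
        # Relayed but no usable header: never fall back to the CDN's own IP.
        return None


def select_blocks(events, max_rules, min_denials=2):
    """Rank real client IPs by WAF denials; keep at most max_rules of them."""
    denials = Counter()
    for peer, header, action in events:
        if action != "deny":
            continue
        ip = real_client_ip(peer, header)
        if ip is not None:
            denials[ip] += 1
    ranked = [ip for ip, n in denials.most_common() if n >= min_denials]
    return ranked[:max_rules]


if __name__ == "__main__":
    print(select_blocks(SAMPLE_EVENTS, max_rules=200))
```

Blocking the connecting peer instead would either block the CDN relay, cutting off legitimate visitors, or have no effect on the attacker, which is why the header is trusted only when the peer falls inside the CDN's ranges.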

Re: CloudFlare

Posted: Wed Nov 04, 2015 7:50 pm
by webfeatus
From Support Engineer | CloudFlare:
The ASL WAF should be just as effective behind CloudFlare, unless these are IP-based rules. Because all connections to your server will be from a CloudFlare IP, IP-based rules will not work as you expect. Any rules created that check HTTP headers should be fine.

Do I still have the same level of protection with CloudFlare as I would have on my hosting server using ASL?

Re: CloudFlare

Posted: Thu Nov 05, 2015 9:15 am
by prupert
webfeatus wrote: Do I still have the same level of protection with CloudFlare as I would have on my hosting server using ASL?
There is some overlap in the protection offered by the CloudFlare Web Application Firewall and the ASL Web Application Firewall. However, ASL is much more than the WAF alone, and the ASL WAF itself is more advanced than CloudFlare's WAF.

Re: CloudFlare

Posted: Mon Dec 07, 2015 10:40 am
by webfeatus
I only have their free package.
https://www.cloudflare.com/plans/

Are these ASL components still in operation?
Web Application Firewall
Denial of Service Protection

Or do I need to sign up?
Web application firewall (WAF), with built-in CloudFlare rule set
OWASP ModSecurity Core Rule Set
See: https://www.cloudflare.com/waf/