Have you ever felt an unusual slowness in your network speed or unexpected unavailability of a certain website? Chances could be that there could be a Denial of Service attack in progress. You might be familiar with the term – Denial of Service but in reality, it can be difficult to distinguish between a real attack and normal network activity. Denial of Service (or DoS) attack, which, as the name suggests, directly relates to being denied a service, notably, the Internet. A DoS attack is a kind of attack that eats upon the resources of a user and brings the network down to its knees, thereby preventing the legitimate users from accessing any website. The DoS attack has been and remains one of the most sophisticated attacks to which one does not have a potential prevention policy. In this post, we’ll advise how to extenuate DDoS Attacks Using Cloudflare.
What is Cloudflare?
CloudFlare is a company that provides content delivery network (CDN) and distributed DNS services by acting as a reverse proxy for websites. CloudFlare’s free and paid services can be used to improve the security, speed, and availability of a website in a variety of ways. In this tutorial, we will show you how to use CloudFlare’s free tier service to protect your web servers against ongoing HTTP-based DDoS attacks by enabling “I’m Under Attack Mode”. This security mode can mitigate DDoS attacks by presenting an interstitial page to verify the legitimacy of a connection before passing it to your web server.
Configure Your Domain to Use CloudFlare
Before using any of CloudFlare’s features, you must configure your domain to use CloudFlare’s DNS.
If you haven’t already done so, log in to CloudFlare.
Add a Website and Scan DNS Records
After logging in, you will be taken to the Get Started with CloudFlare page. Here, you must add your website to CloudFlare:
Enter the domain name that you want to use CloudFlare with and click the Begin Scan button. You should be taken to a page that looks like this:
This takes about a minute. When it is complete, click the Continue button.
The next page shows the results of the DNS record scan. Be sure that all of your existing DNS records are present, as these are the records that CloudFlare will use to resolve requests to your domain. In our example, we used our domain windowswebhostingreview.com as the domain:
Note that, for your A and CNAME records that point to your web server(s), the Status column should have an orange cloud with an arrow going through it. This indicates that the traffic will flow through CloudFlare’s reverse proxy before hitting your server(s).
Next, select your CloudFlare plan. In this tutorial, we will select the Free plan option. If you want to pay for a different plan because you want additional CloudFlare features, feel free to do so:
Change Your Nameservers
The next page will display a table of your domain’s current nameservers and what they should be changed to. Two of them should be changed to CloudFlare nameservers, and the remaining entries should be removed.
To change your domain’s nameservers, log in to your domain registrar control panel and make the DNS changes that CloudFlare presented. For example, if you purchased your domain through a registrar like GoDaddy or NameCheap, you will need to log into appropriate registrar’s control panel and make the changes there.
When you are finished changing your nameservers, click the Continue button. It can take up to 24 hours for the nameservers to switch but it usually only takes several minutes.
Wait for Nameservers to Update
Because updating nameservers takes an unpredictable amount of time, it is likely that you will see this page next:
CloudFlare Is Active
Once the nameservers update, your domain will be using CloudFlare’s DNS and you will see it has an Active status, like this:
This means that CloudFlare is acting as a reverse proxy to your website, and you have access to whichever features are available to the pricing tier that you signed up for. If you’re using the free tier, as we are in this tutorial, you will have access some of the features that can improve your site’s security, speed, and availability. We won’t cover all of the features in this tutorial, as we are focusing on mitigating ongoing DDoS attacks, but they include CDN, SSL, static content caching, a firewall (before the traffic reaches your server), and traffic analytics tools.
Also note the Settings Summary, right below your domain will show your website’s current security level (medium by default) and some other information.
Before continuing, to get the most out of CloudFlare, you will want to follow this guide: Recommended First Steps for All CloudFlare Users. This is important to ensure that CloudFlare will allow legitimate connections from services that you want to allow, and so that your web server logs will show the original visitor IP addresses (instead of CloudFlare’s reverse proxy IP addresses).
Once you’re all set up, let’s take a look at the I’m Under Attack Mode setting in the CloudFlare firewall.
I’m Under Attack Mode
By default, CloudFlare’s firewall security is set to Medium. This offers some protection against visitors who are rated as a moderate threat by presenting them with a challenge page before allowing them to continue to your site. However, if your site is the target of a DDoS attack, that may not be enough to keep your site operational. In this case, the I’m Under Attack Mode might be appropriate for you.
If the checks pass, the visitor will be allowed through to your website. The combination of preventing and delaying malicious visitors from connecting to your site is often enough to keep it up and running, even during a DDoS attack.
Keep in mind that you only want to have I’m Under Attack Mode enabled when your site is the victim of a DDoS attack. Otherwise, it should be turned off so it does not delay normal users from accessing your website for no reason.
How To Enable I’m Under Attack Mode
If you want enable I’m Under Attack Mode, the easiest way is to go to the CloudFlare Overview page (the default page) and select it from the Quick Actions menu:
The security settings will immediately switch to I’m Under Attack status. Now, any visitors to your site will be presented with the CloudFlare interstitial page that was described above.
Conclusion
Now that your website is using CloudFlare, you have another tool to easily protect it against HTTP-based DDoS attacks. There are also a variety of other tools that CloudFlare provides that you may be interested in setting up, like free SSL certificates. As such, it is recommended that you explore the options and see what is useful to you.
