Cloudflare

[Tom]

First off, I wanted to say I'm in no way affiliated with Cloudflare, just I've had a very positive experience with them and I'd like to share some information so you as well can optimize your forums/websites.

https://www.cloudflare.com/ is a web performance and security company, it's a free service with paid options, however I've never needed to go the paid route as you'll find that for the average website, you'll have access to more than enough tools.

Features of Cloudflare (free version)

• Unmetered DDoS protection.
• Always Online Technology (Cloudflare serves a cached version if website is offline).
• SSL Security (Cloudflare provides an SSL certificate so your website can operate on https, no server side changes needed as Cloudflare is an intermediary between the server and the client).
• DNS Management.
• Force https.
• Page rules.
• Ability to generate additional SSL certificates for use with services such as mail servers.
• Firewall, this is a big one as you're able to challenge users from various countries if you're having issues with spam, or outright block countries and IP addresses.
• Multiple Speed and Performance optimizations.
• Accelerated Mobile Links using AMP https://ampproject.org/ You can enable this at the click of a button through Cloudflare.
• Apps, Cloudflare has an app store with many free apps to enhance your website.
• Analytics
• HTTP Strict Transport Security (HSTS)
• Automatic HTTPS Rewrites, fixes mixed content by changing “http” to “https” for all resources or links on your web site that can be served with HTTPS.
• Caching Control, ability to change when cache expires, ability to enable development mode which temporarily bypasses cache.

There's countless features that I haven't mentioned, if you have any questions, please feel free to ask them below.

 

[MrDangem]

I wonder if there is an online tutorial to engage my mybb forum to cloudflare security system.

 

[Azareal]

Something to add is that Cloudflare deflects 99.99% of spambots for me without doing a thing, I would imagine that they're blocking a lot of the shadier IP addresses.

Always online doesn't really work so well on free, if you frequently flush the cache.
Setting it up isn't particularly difficult, you basically sign up, setup your DNS with them, fiddle with some things and you're practically good to go.

You might also want to tweak your site's firewall to only allow Cloudflare IP addresses (for HTTP/S) and to slap down a little thingy which resolves the IP Addresses Cloudflare hands you to the actual IPs of the users (as it's a proxy of sorts and packs the IPs in specific headers).

I'm not sure how it would work with things like cPanel, just be careful of accidentally locking yourself out there.

 

[Tom]

You might also want to tweak your site's firewall to only allow Cloudflare IP addresses (for HTTP/S) and to slap down a little thingy which resolves the IP Addresses Cloudflare hands you to the actual IPs of the users (as it's a proxy of sorts and packs the IPs in specific headers).

Thank you for the additional information! I can't speak for other forum software, however with MyBB it's a simple option to pass the visitor IP addresses to the forum, Admin CP > Configuration > Optimization Options >

This link will tell you how to restore visitor IP addresses on different platforms.

Typically when I get spammers, I lookup their IP addresses and use Cloudflare firewall to challenge their country, never see them again after that. I haven't yet had to resort to more difficult registration questions because Cloudflare has made it so easy.

 

[Azareal]

Something to keep in mind is that *anyone* can set those headers, thus why you want to make sure it's Cloudflare when relying on them. Someone got admin access on Stack Overflow before due to them having the thing configured to grant anyone with an IP of localhost administrator access, it wasn't Cloudflare however.

One way is to block all IPs except Cloudflare, as everyone is routed through it anyway, although if the server has a module for Cloudflare enabled, it may do so for you.