Your advice is requested on this.
I have a possible client who wants to talk about a site revamp of an ancient static site (html + css & using sql databases) with me. They’re considering using WordPress or Drupal with the revamp. Currently they experience many DDoS attacks.
If I’m hired to overhaul this mammoth-sized website, I’m thinking of at the very first deploying Cloudflare on the old site to help ward off the DDoS while constructing the new site.
I have only used CF with websites that use a CDN. Is it possible to do with a static site wielding more than 500 pages? Is it feasible?
Any and all thoughts are most welcome.
Thanks in advance, Dinx.
As far as limits on page counts there are none, obviously the cache ratio won’t be high if there is low traffic, but as far DDoS they should decrease and be absorbed better.
The one concern I’d have in a situation like this would be to try and change their origin server IP address once moved to Cloudflare, since their site is already under DDoS attacks.
The criminals behind the attacks already know their IP address, and having Cloudflare in front of them will require blocking any access not coming from Cloudflare at the server level, otherwise Cloudflare protections won’t kick in. You can check Cloudflare IPs here: https://www.cloudflare.com/ips.
However, in my view it would be a waste of their server firewall power to deflect a gazillion requests, if you could obtain a new IP address after the migration to Cloudflare, as that would then obfuscate the new IP and create another level of protection. But even with a new IP address, the recommendation above of rejecting requests not coming from Cloudflare still prevails.
You should also consider a Page Rule with setting Cache Level: Cache Everything for paths containing HTML files with content that in static in nature.
I think - and I’ll know more soon after our meeting - that the traffic is actually quite high. There is a dedicated audience for this site. And the site is continually being updated with new info.
I think that they are using Cloudfront and so your suggestion of obtaining a new IP address is … pretty easy. It’s been a while since I worked on any site using amazon servers but I think it’s just a matter of stopping an instance, and then starting it back up. And making sure the domain is using the updated IP address.
But in terms of deflecting any traffic that’s not coming from Cloudflare – that’s very helpful.
I just want to stop or lessen the attacks which I believe are happening regularly. So that I can then focus on the gargantuan task of switching over to a CMS.
Thanks to you both - matteo and floripare for your insights.
This topic was automatically closed after 14 days. New replies are no longer allowed.