Example WAF AntiDDos

If I may add here as a really good reference for further cases in terms of security and protection with Cloudflare:

Nevertheless, consider blocking some of the known “bad user-agents”, “crawlers” or “bad ASNs” using below posts:

If you need to block requests and traffic to proxied DNS records (orange cloud) on all compatible and supported Cloudflare ports except ports 80 and 443, use the below Firewall Rule:

If you are using cPanel or some other panel that works over 2083, etc., the above one is good, and the other one could be combined with it as well (you could allowlist and allow only your IP if you need to access the cPanel interface):

  • (http.request.uri.path contains "cpanel") or (http.request.uri.path contains "plesk") or (http.request.uri.path contains "whm")

If using WordPress, consider adding something to your Firewall Rules from the links below (including wp-login.php and xmlrpc.php):
https://turbofuture.com/internet/Cloudflare-Firewall-Rules-for-Securing-WordPress

Therefore, some Firewall Tips are published here:

Using the search:

We can use Cloudflare Access / Zero Trust (Teams) to protect some admin dashboard:

https://www.tuonetti.fi/en/cloudflare-access-guide/

Nevertheless, do not forget to properly set up the Cache for your website, which can help leverage the load and tasks your server has to do for each request:

Last but not least, kindly see more by reading Cloudflare articles which contain a lot of helpful information for better understanding and usage as well in terms of Security and Protection:

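An offline way to see what the path expression in the post above matches before enabling it as a block rule, combined with the port restriction and IP allowlist the post describes. This is an added example, not code from the post or from Cloudflare. It assumes `contains` is a case-sensitive substring test; the admin IP, sample requests and function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

PANEL_WORDS = ("cpanel", "plesk", "whm")   # substrings from the expression in the post
OPEN_PORTS = {80, 443}                      # the only ports the post leaves reachable
ADMIN_NETS = [ipaddress.ip_network("203.0.113.10/32")]  # constructed allowlisted IP


@dataclass
class Request:
    path: str
    src: str
    port: int


def path_rule(req: Request) -> bool:
    """Model of: path contains "cpanel" or "plesk" or "whm" (substring match)."""
    return any(word in req.path for word in PANEL_WORDS)


def is_admin(req: Request) -> bool:
    return any(ipaddress.ip_address(req.src) in net for net in ADMIN_NETS)


def decide(req: Request) -> str:
    """Allow the allowlisted IP; block other ports and panel paths for everyone else."""
    if is_admin(req):
        return "allow"
    if req.port not in OPEN_PORTS:
        return "block"
    return "block" if path_rule(req) else "allow"


# Constructed sample requests (documentation-range IPs)
SAMPLES = [
    Request("/cpanel", "198.51.100.7", 443),                # panel path, stranger
    Request("/", "198.51.100.7", 2083),                     # panel port, stranger
    Request("/cpanel", "203.0.113.10", 2083),               # allowlisted admin
    Request("/blog/cpanel-vs-plesk", "198.51.100.7", 443),  # ordinary article
    Request("/whmcs/cart.php", "198.51.100.7", 443),        # billing app, not WHM
    Request("/index.html", "198.51.100.7", 443),            # ordinary page
]


def evaluate(samples=SAMPLES):
    return [(r.path, r.port, decide(r)) for r in samples]


if __name__ == "__main__":
    for row in evaluate():
        print(row)
```

The article and billing paths come back as blocked because the substring match hits anywhere in the path, so check your own site's URLs for these words before turning the rule on.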