It sounds like you have a publicly exposed backend. Why is this?
Because it provides API-service. Like CloudFlare does too.
No, our backend provides API-service. Front just only use it for requesting data. Backend is accessable from internet because client’s browser sends requests on the backend by itself.
No to what?
Backend can be attacked directly, so we don’t need to protect frontend. Purpose is backend.
You might want to have a look at Cloudflare’s Access feature. That is probably what you are after.
Do you talk about this? https://www.cloudflare.com/products/cloudflare-access/
The bottom line is you need to protect that backend server from attacks.
You can craft a Firewall Rule using some parameters such as Referer, to make sure only visitors referred by your website are allowed access. Or blocking by Threat Score. Possibly Cookies.
Maybe a Page Rule to enforce Browser Integrity.
Or Rate Limiting (from the Firewall page Tools section)
Thank for your replies!
This topic was automatically closed after 30 days. New replies are no longer allowed.