How can we protect our web api-service?

#1

We use client-server web architecture. Frontend side send requests to backend side. And we need to protect our backend part. As I know if I activate “Under attack mode” CloudFlare will be show interstitial page, which requires javascript and cookies. But our backend doesn’t use javascript and cookies. So how can CloudFlare help us to protect our service? Which plan we need to buy for this?

0 Likes

#2

It sounds like you have a publicly exposed backend. Why is this?

0 Likes

#3

It is not your backend which needs to pass the JavaScript challenge but your frontend, so there shouldnt be a problem with your backend “not supporting” it. Even though you typically dont need support from either “end” but only from the browser.

1 Like

#4

Because it provides API-service. Like CloudFlare does too.

0 Likes

#5

No, our backend provides API-service. Front just only use it for requesting data. Backend is accessable from internet because client’s browser sends requests on the backend by itself.

0 Likes

#6

No to what?

0 Likes

#7

Backend can be attacked directly, so we don’t need to protect frontend. Purpose is backend.

0 Likes

#8

That is still not JavaScript related.

You might want to have a look at Cloudflare’s Access feature. That is probably what you are after.

0 Likes

#9

Do you talk about this? https://www.cloudflare.com/products/cloudflare-access/

0 Likes

#10

Yes.


0 Likes

#11

The bottom line is you need to protect that backend server from attacks.

You can craft a Firewall Rule using some parameters such as Referer, to make sure only visitors referred by your website are allowed access. Or blocking by Threat Score. Possibly Cookies.

Maybe a Page Rule to enforce Browser Integrity.

Or Rate Limiting (from the Firewall page Tools section)

0 Likes

#12

Thank for your replies!

1 Like

closed #13

This topic was automatically closed after 30 days. New replies are no longer allowed.

0 Likes