Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Author Topic: Cloudflare  (Read 228 times)

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33969
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Cloudflare
« on: July 09, 2024, 12:33:02 AM »

Has anyone used the free version of Cloudflare, particularly with dynamic content such as a forum and php pages

https://www.cloudflare.com/en-gb/plans/
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

Derpy

  • Member
  • **
  • Posts: 59
Re: Cloudflare
« Reply #1 on: July 09, 2024, 03:15:20 AM »

Yes extensively and also Pro.
Currently use a mix of Pro and free across a lot of domains.
Logged

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33969
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Cloudflare
« Reply #2 on: July 12, 2024, 03:43:58 AM »

Thanks Derpy. Was the free version ok with dynamic pages such as running a forum. 
Ive seen mixed reports on whether to use it with SMF.  A couple of the main SMF core programmers say it can cause problems, but then theres some of what appear to be experienced who users say it works fine for them.

----

I think Ive managed to put a stop to the massive amount of Chinese bots that I seemed to attract as soon as the site moved to a new server with a different IP, but theres still a lot of background noise coming from a few different locations.  China was by far the worst for hitting registration and trying to bypass login.  Those get reported in the SMF logs and coming in at about a few hundred thousand per hour making it difficult to see anything else.   Touch wood Ive managed to keep them at bay with htaccess.  I'm mindful that a large htaccess file can still cause server load but at least they are no longer directly targetting the login and registration.   Apparently when SMF or the server ran routine or daily maintenance scripts things just ground to a crawl and caused problems with the temp file.. hence the problem with the sessions.  The guys at SMF said the error message I got meant lack of space for the temp file.   Yet my hosts were saying it should have adequate.  The new server has more diskspace > temp than the old.  I supposedly have a honey pot but I dont think that works if they directly call for a particular page.

Its just scary to think about the HUGE amount of bots I seemed to attract within hours of the IP going live.  These bots were specifically targetting SMF registration and the login page. SMF wasnt unique, for example I could see many failed attempts to find WP files at various locations when I dont even use  WordPress.  China seems to be the main culprit, but Russia is up there too.   A more surprising country is Sweden, but perhaps not when its become a favourite location for VPNs.
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7449
  • AAISP CF
Re: Cloudflare
« Reply #3 on: July 12, 2024, 04:45:46 AM »

I use free (as well as paid) cloudflare as well although most of my experience is on static content.

However you can use content headers to tell cloudflare how to behave so e.g. you should be able to make it always go to the origin server for forum requests.  Or what I prefer which is it will check with origin if there is an update on every request, and if there is then serve from origin.

Some details here.

https://developers.cloudflare.com/cache/concepts/cache-control/
Logged

Alex Atkin UK

  • Addicted Kitizen
  • *****
  • Posts: 5367
    • Thinkbroadband Quality Monitors
Re: Cloudflare
« Reply #4 on: July 12, 2024, 10:57:46 AM »

As mentioned though, IP blocking in htaccess is not a good place to do it.  It puts load on the web server for every attempt and offers no protection to other services like SSH and SMTP, which will also be under attack.

IP blocks should be done at the firewall so the server never responds to the attempt to begin with.
Logged
Broadband: Zen Full Fibre 900 + Three 5G Routers: pfSense (Intel N100) + GL.iNet GL-X3000/ Spitz AX WiFi: Zyxel NWA210AX
Switches: Netgear MS510TXUP, Netgear MS510TXPP, Netgear GS110EMX My Broadband History & Ping Monitors
 

anything