/

CloudFlare ftw

CloudFlare ftw

CloudFlare ftw

CloudFlare ftw

Anand Muthukrishnan

Anand Muthukrishnan

Anand Muthukrishnan

Nov 18, 2024

CloudFlare is probably the leading service today to mitigate security attacks on a web service.

Although we started using their DNS proxy service from day one as a best practice, we never had the chance to tighten things up after that, until today.

As we have started seeing new customers, we wanted to tighten our security configuration that would make it super duper hard for anyone to send us malicious requests and see any success.

tldr; 🎉 We have now tightened our Web Application Firewall (WAF) in CloudFlare to block malicious actors/requests at the edge.

Against OWASP:

Our current configuration will stop malicious requests trying to detect/exploit any OWASP top 10 vulnerability at the edge node in the CDN network, before they even reach our servers.

Rate-limiting:

We added rate limiting rules within CloudFlare WAF that would slow down any flood of requests which can otherwise keep our servers busy for legitimate users. Adding rate-limiting rules in CloudFlare is far more useful than adding them in our own server because these rules would filter out requests at the edge node itself.

Against scripted actions:

We are also using CloudFlare Turnstile captcha service in our sign up process to keep scripted actions out of our apps. It just works! And they are rarely being an inconvenience for our leads to sign up.

No disposable emails:

We have signed up with services to validate and verify email addresses to check if they are created in those 10-minute-email-inbox services. This is to ensure we take in legitimate users and support them through their cloud deployments.

Safety first:

We are building a safe platform here for developers to make cloud deployments. We are ready today to mitigate at least 90% of the known attack scenarios.

All of the above are enabled in our platform to safeguard LocalOps platform and its console from malicious actors.

CloudFlare as default for all App Environments:

We want to enable the same security for all App Environments we provision for our customers (Developers) in their cloud / their customer cloud.

We will soon come out with capabilities to make CloudFlare WAF setup as a no-nonsense first step and "default" for all app environments we provision. Stay tuned!

Cheers ✌️.