The article describes how you can use CloudFlare to defend the website against DDoS (distributed denial-of-service) attacks.
What is DDoS Protection by Cloudflare?
DDoS attacks are becoming very common. In such type of attacks, multiple computers flood a target site with so much network traffic that it responds very slowly or not at all.
Related: What is CloudFlare Railgun and How to Enable it on Your Website?
Cloudflare’s distributed and redundant network helps to minimize the traffic associated with DDoS attacks. Additional to DDoS protection, Cloudflare also provides additional protections that you can enable such as “I’m under attack” mode. This is a security action that you can easily enable when your site is under the active attack. When it is enabled, the mode adds additional protection to stop potentially malicious HTTP traffic from reaching your site. Authorized visitor’s will see the followings page for about 5-6 seconds when the Cloudflare runs the check browser :
Once Cloudflare completes the checking process, your site gets loaded normally.
To add an additional protection layer to your website, along with “I’m under attack” mode, you can also whitelist specific IP addresses.
# Steps to enable “I’m under attack” mode in Cloudflare
1. Log in to cPanel account.
2. Locate SOFTWARE section on the cPanel home screen, and click on Cloudflare.
3. Click on Enable “I’m Under Attack” Mode:
4. If you want to disable it, then click on Disable “I’m Under Attack” Mode:
# Steps to Whitelist IP address :
To protect your site from the malicious IP addresses, you can grant access to only specific IP addresses that you trust. This process is known as “whitelisting”, that provides an extra protection layer to your site.
Perform the following steps to do so :
1. By using the cPanel File Manager or the SSH command prompt, open the /home/username/public_html/.htaccess file in your preferred text editor, where username will represent your account username.
2. Copy and paste the following text into the htaccess file :
order deny, allow deny from all
3. Go to https://www.cloudflare.com/ips-v4. Copy and paste the entire list of IP addresses into the .htaccess file immediately after the deny from all line. Make sure that each IP address should be on a separate line.
4. Now add the following command at the start of each line that contains an IP address :
5. Use the allow from IP_address format to add the additional IP address (like your office or home IP address) to the whitelist.
6. You will now have the .htaccess file that will contain the following content :
order deny, allow deny from all allow from 184.108.40.206/22 [Additional Cloudflare IP addresses to allow] [Any other IP addresses you want to allow]
Save the changes to the .htaccess file. Whitelisting will now be enabled.
Also Read :
1) Droplet gets Compromised and Sends an Outgoing Flood or DDoS – What to do?