This article describes how to use CloudFlare to help defend against DDoS (distributed denial-of-service) attacks on your web site.
DDoS (distributed denial-of-service) attacks are becoming more and more common. In this type of attack, multiple computers flood a target site with so much network traffic that it responds very slowly or not at all.
CloudFlare's distributed, redundant network helps absorb the flood of traffic associated with DDoS attacks. In addition to this built-in DDoS protection, CloudFlare provides additional protections you can enable, such as “I'm under attack” mode. This is a security level you enable when your site is under active attack. When enabled, this mode adds additional protections to stop potentially malicious HTTP traffic from reaching your site. Legitimate visitors see the following page for about five seconds while CloudFlare runs checks on the browser:
After CloudFlare completes its checks, your site loads normally.
In addition to enabling “I'm under attack” mode, you can whitelist specific IP addresses to add an additional layer of defense to your web site. The following sections describe how to do both of these actions.
To enable “I'm under attack” mode in CloudFlare, follow these steps:
To disable “I'm under attack” mode, click
In addition to enabling CloudFlare's “I'm under attack” mode, you can prevent malicious IP addresses from accessing your site, and grant access only to specific IP addresses that you trust. This process, also known as “whitelisting”, provides another layer of protection for your site.
To do this, follow these steps:
order deny,allow deny from all
Use your web browser to go to https://www.cloudflare.com/ips-v4. Copy the entire list of IP addresses, and then paste it into the .htaccess file right after the deny from all line. Each IP address should be on a separate line.
Add the following text to the start of each line that contains an IP address:
To add additional IP addresses (such as your home or office IP address) to the whitelist, use the same allow from IP_address format.
You should now have an .htaccess file that contains the following content:
order deny,allow deny from all allow from 220.127.116.11/22 [Additional CloudFlare IP addresses to allow] [Any other IP addresses you want to allow]
Save your changes to the .htaccess file. Whitelisting is now enabled.
For general information about CloudFlare, please visit https://www.cloudflare.com.