Rake
Tips for Using CloudFlare

Cyberspace infrastructure is becoming increasingly convoluted as web scrapers evolve, posing a growing threat to ecommerce and other businesses. Website owners can't ignore protecting their websites from bots. It has become so out of control that anyone who isn't challenging every IP on earth is just asking to be scraped and exploited. CloudFlare is a CDN, but its best features are the protections it provides for HTTP traffic. It's an insanely valuable tool, and for most people the free plan is all you need. So, what exactly can you do to improve your website's scraper defenses using CloudFlare? Let's explore.

CloudFlare's Under Attack Mode and Automation

Switching your CloudFlare settings to "Under Attack" mode can deter bots and scrapers effectively. However, it might be cumbersome to manually enable or disable this mode, especially in volatile traffic conditions. For those in similar situations, automation comes to the rescue. GuidedHacking has an enlightening post on how to automate CloudFlare Under Attack Mode, which helps users maintain optimal website accessibility while also ensuring robust security.
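One way to automate the switch, as an added example (not the GuidedHacking script): it flips the zone's security level through the Cloudflare v4 API based on server load, with two thresholds so the mode does not flap when traffic is volatile. The thresholds, the baseline level, the state file path and the environment variable names are assumptions.

```python
import json
import os
import urllib.request

API = "https://api.cloudflare.com/client/v4/zones/{zone}/settings/security_level"

# Assumed thresholds on the 1-minute load average per CPU core; tune per host.
ENABLE_ABOVE = 1.5
DISABLE_BELOW = 0.7
NORMAL_LEVEL = "medium"  # assumed baseline security level for the zone


def desired_level(load_per_core, current_level):
    """Hysteresis: switch on above ENABLE_ABOVE, off only below DISABLE_BELOW."""
    if load_per_core >= ENABLE_ABOVE:
        return "under_attack"
    if load_per_core <= DISABLE_BELOW:
        return NORMAL_LEVEL
    return current_level  # between the thresholds: keep whatever is set


def build_request(zone_id, token, level):
    """Build (without sending) the PATCH that sets the zone's security level."""
    return urllib.request.Request(
        API.format(zone=zone_id),
        data=json.dumps({"value": level}).encode(),
        method="PATCH",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"},
    )


def run_once(current_level, zone_id, token):
    """One scheduled tick: read load, decide, call the API only on a change."""
    load = os.getloadavg()[0] / (os.cpu_count() or 1)
    level = desired_level(load, current_level)
    if level != current_level:
        req = build_request(zone_id, token, level)
        with urllib.request.urlopen(req, timeout=10) as resp:
            if not json.load(resp).get("success"):
                raise RuntimeError("Cloudflare API did not report success")
    return level


if __name__ == "__main__":
    state = "/var/tmp/cf_security_level"  # hypothetical state file
    current = open(state).read().strip() if os.path.exists(state) else NORMAL_LEVEL
    new = run_once(current, os.environ["CF_ZONE_ID"], os.environ["CF_API_TOKEN"])
    with open(state, "w") as fh:
        fh.write(new)
```

Run it from cron or a systemd timer, with an API token scoped to editing settings on that single zone.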

Fine-Grained Control: Blocking Specific ASNs

If you're the sort who prefers a more hands-on approach to security, CloudFlare allows you to block traffic from specific Autonomous System Numbers (ASNs). This can be invaluable when dealing with scrapers originating from particular networks. You can benefit from a script provided by GuidedHacking to block a list of ASNs, giving you more granular control over who can or cannot access your site.

The Role of Rate Limiting

Incorporating rate limiting can drastically curtail the efforts of a scraper, as it caps the number of requests a client can make in a given time period. This feature is particularly useful for throttling requests that appear to be automated scraping attempts. By implementing CloudFlare's rate limiting, you can effectively deter a majority of scrapers without overly inconveniencing your legitimate user base.

Nginx Bad Bot Blocker: An Additional Layer

Though CloudFlare offers multiple in-built features to help mitigate scraping, incorporating additional security layers can never hurt. For those running their sites on an Nginx server, an extra shield against scrapers can be implemented in the form of bad bot blockers. GuidedHacking has a specialized post detailing how you can set up an Nginx Bad Bot Blocker for CloudFlare.

Cached Challenge Pages: A Quirk to Watch Out For

At times, CloudFlare's stringent security measures can have unintended consequences. For instance, sometimes CloudFlare's "Challenge" pages end up being cached inadvertently. This issue could be a double-edged sword, making your website temporarily unavailable to legitimate users.

Wondering how to tackle this peculiar scenario? Check out this insightful GuidedHacking article that covers cached challenge pages.

Looking Ahead

So there you have it: various tactics to significantly bolster your CloudFlare security against web scrapers. By employing a mix of CloudFlare's innate features and some additional measures, you can develop a robust anti-scraping strategy. From automation of the "Under Attack" mode to fine-tuning access controls, CloudFlare offers a multitude of options to keep your data safe. Remember, the war against web scraping is ever-ongoing. Staying vigilant and continually updating your security protocols is not just advisable; it's essential.