0

How to use CloudFlare to prevent HTTP Flooding Attack (DDoS)

Vom 17. August 2016 in Allgemein, Projekte & HowTos |

Simple and straight, CloudFlare.com is a very cool service to speed up your site, but it also brings
a lot of feature for you to secure your site from a lot of bad traffic.

I had a website running on a single webserver (apache) which has been under attack.
A bot-network was simply requesting a “legite” URL from the website, however the bot-network did is so fast in an huge amount
that the webserver was just not able to handle it.

CloudFlare is able to help you here, its routing all DNS traffic through their system which has sufisticated mechanisms to identify bad traffic.

What i did to stop this specific HTTP Flooding:
– Configure cloudflare for the site
– enable your firewall (iptables) to allow traffic on port 80 and 443 only to come from cloudflare
– any other traffic on these 2 ports is simply blocked

List of CloudFlare’s IP ranged: CloudFlare IPs

IPTables Rules (on CentOS):

iptables -F
iptables -X
iptables -Z
# Accept everything on the loopback interface
iptables -A INPUT -i lo -j ACCEPT
# The following rules allow ALL incoming ssh connections on eth0 interface
iptables -A INPUT -i eth0 -p tcp --dport 22022 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 22022 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m multiport --dports 80,443 -s 103.21.244.0/22 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m multiport --dports 80,443 -s 103.22.200.0/22 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m multiport --dports 80,443 -s 103.31.4.0/22 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m multiport --dports 80,443 -s 104.16.0.0/12 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m multiport --dports 80,443 -s 108.162.192.0/18 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m multiport --dports 80,443 -s 131.0.72.0/22 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m multiport --dports 80,443 -s 141.101.64.0/18 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m multiport --dports 80,443 -s 162.158.0.0/15 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m multiport --dports 80,443 -s 172.64.0.0/13 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m multiport --dports 80,443 -s 173.245.48.0/20 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m multiport --dports 80,443 -s 188.114.96.0/20 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m multiport --dports 80,443 -s 190.93.240.0/20 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m multiport --dports 80,443 -s 197.234.240.0/22 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m multiport --dports 80,443 -s 198.41.128.0/17 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m multiport --dports 80,443 -s 199.27.128.0/21 -j ACCEPT

# Drop anything else on ports 80 and 443
iptables -A INPUT -i eth0 -p tcp -m multiport --dports 80,443 -j DROP

# save rules and restart iptables
service iptables save
service iptables restart

Links:

https://www.incapsula.com/ddos/attack-glossary/http-flood.html

http://cloudflare.com/

https://www.cloudflare.com/ips

Schlagwörter: , , , , , , , ,

Hinterlasse eine Antwort

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind markiert *

Du kannst folgende HTML-Tags benutzen: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Copyright © 2006-2017 Mabuhay! All Rights Reserved.
This site is using the theme, v, from BuyNowShop.com.