Block Your Website Admin Area with Cloudflare Firewall Rules

Captions
Hi there, Ron here from Clustered Networks, and today I'm going to talk about blocking your website admin area with Cloudflare firewall rules. Now, of course, there's lots of rules out there that you can use in htaccess or some other form to be able to block the admin area to your website, and of course you can do it right in the content manager itself. But what about all the attacks that are being made on your web server? By using Cloudflare, you actually block all of those things before they even hit your web server. So you can block out virtually anything: htaccess, wp-admin, your wp-content directory, your admin backend, CMS, whatever it might be, a protected area. So I'm going to show you how we can do that today.

First thing I'm going to look at is Cloudflare. Cloudflare, of course, is a content delivery network, and if you look on their free area, it says here that they have page rules, they block DDoS attacks, yes, that's all great, and it says here "enhance security with web application firewall". Well, in fact the free version does come with a web application firewall. They don't really tell you that, but it's not enhanced, so it does have basic options, and I'm going to show you what some of those options are.

Now, I've written a blog article all about this, about blocking areas of your website, and we're going to use some firewall rules. So we're going to create a firewall rule that you can block the admin area, wp-admin, all those kind of things, and then we're also going to allow an allow area, or firewall rule, that allows you to allow your home IP address or your work IP address.

So let's take a look at this. I've got this website called bluehatlogistics.com and I'll show you how this can be done. So I'm going to go to that site, bluehatlogistics.com. There it is, it's a website, and I can go to the admin area, no problem at all. Exactly, I can log in with my username. That is kind of protected, much like the wp-admin, but then people try to guess your username and your password, and you want to block all that kind of stuff out. So that's what we're going to do.

So I'm in here in my Cloudflare account, I'm in my Blue Hat Logistics. I'm going to go click on here, Firewall, and then if I look at Overall, I can see that I've got some rules here, an overview showing that some things have already been blocked, right? So I'm blocking out Germany, United States, this is bot fight mode, firewall rules blocking out country, JavaScript challenges, all these kind of things. I did this in Bots, so I've enabled the bot fight mode, which basically blocks a lot of the bots out there that are trying to hack into your website as well.

If you click on Firewall Rules, I've got one here that's called "block bad countries", and what I'm doing here is I'm blocking out China and Russia, as you can see. Now what I want to do is create another firewall rule. With a free account you've actually got five active firewall rules that you can create, so I'm gonna create another firewall rule.

So I'm gonna go back here to my blog article, and it says here "create a firewall block rule", and it gives you a sample one of one that you've got here. So I'm just gonna copy this, Ctrl+C, copy, go to my firewall rule. I'm gonna create a firewall rule and I'm going to say "block admin area", and what I'm going to do next is go to my URI, or my resource locator path, and I'm going to say contains all of these things, and I'm going to click on Edit expression. I'm going to paste in. Now, I could simply put in here slash admin, but there's also a lot of other requests for wp-admin, wp-include. Even though I don't have a WordPress site, they're thinking I am, because that's the most popular one out there. So I've got another expression and it says create request URI path contains admin, or contains backend, or contains wp-admin, or contains wp-include, or contains xmlrpc.php, or it could be env files, all of these kind of things that I can block. So now I'm going to deploy that. There, I've got that admin area blocked.

Now I'm going to go back here to my Blue Hat Logistics again, and now I'm going to do a quick check to see if I can go to the admin area. Now it says access denied. What happened? It says it's blocked by Cloudflare. That's exactly what I want.

But now I want to allow my home IP address, and the way I do that is I go back into firewall rules. Well, let's go back to my blog article first, and I'm going to create an allow address. So I'm going to copy, go back to my firewall rules, I'm going to create a new rule, and this is "allow admin", I... "allow home IPs", let's just say. And I'm going to say if the IP address source equals whatever my IP address might be. I can also put this as an expression. So here I'm going to put my home IP address. Let's do a quick check to find out what my IP address is right now. So that's my home IP. I'm going to copy that, I'm going to go back in here and I'm going to paste it. So that's my home IP. Now I'm going to block out my work IP, let's say. Not sure what it is right now, but I'm going to put 222.222.222.222 just for explanation purposes.

Now you'll notice in here that I've got double brackets at the start and double at the end, and I've got an "or" in the middle, so I could continue on and I could go "or" and put in a bunch of IP addresses. Now, the reason for the double brackets: if I only had one IP address that I was putting in here, I would only need a single bracket, but because I've got more than one, I put a double bracket at the start and the end of my expression. And then I go Allow, because I want to allow these IP addresses, and deploy it. So now it's allowed, the whole IP address is allowed, and I'm going to go back here to my admin area, and now I can get back into my site again.

So again, firewall rule, I can turn that off if I want, go back here, do a refresh. It's just cached, is really all it is, so it's just cache letting me in. But regardless, it's working and I can see that it's definitely doing the job. So that's simple how it is to allow these rules, and you can actually have five firewall rules on your free account. And if you create a firewall rule and then select your fields, you can find out you can have an AS number, you can block cookies, you can block certain host names, referrers, all kinds of user agents. If you just wanted to block Apple computers, you could. All of those kind of things that you can block, so you can write your own expressions into your firewall rules.

So I hope you like this video, and if you do, be sure to give it a thumbs up, and I'll have a link to this article below that shows you how you can do some of these things. Oh, another thing about this is you also want to block the back door, or the bypass. So what some people will do is, instead of going through Cloudflare, they'll actually come through a back door. They'll find out what your real IP address is and then they'll make an attack right against that IP. I also have another video that shows you how you can do this. That's a different topic, but these will give you the basic rules to be able to block the admin area to your website. So I hope you like this video, give it a thumbs up, be sure to subscribe to the channel. Thanks again for watching.
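The block and allow rules described in the captions, modelled in Python as an added example (not code from the video or its blog article). It assumes the block rule is a plain substring test on the request path, which is how the `contains` operator on `http.request.uri.path` behaves, and it goes one step beyond the video by folding the IP exception into the block rule itself (in Cloudflare's expression language, a path test followed by `and not ip.src in {...}`). The substring lists, sample paths and the 203.0.113.10 home address are constructed for illustration.

```python
import ipaddress

# Substrings as read out in the video (exact strings are an assumption),
# and a tighter slash-prefixed variant for comparison.
BARE = ["admin", "backend", "wp-admin", "wp-include", "xmlrpc.php", ".env"]
PREFIXED = ["/admin", "/backend", "/wp-admin", "/wp-include", "/xmlrpc.php", "/.env"]

# 203.0.113.10 is a constructed stand-in for the home IP;
# 222.222.222.222 is the placeholder work IP used in the video.
ALLOWED = {ipaddress.ip_address("203.0.113.10"),
           ipaddress.ip_address("222.222.222.222")}

# Constructed request paths: three admin-style probes, three ordinary pages.
SAMPLE_PATHS = ["/wp-admin/", "/admin/login", "/xmlrpc.php",
                "/blog/badminton-club", "/jobs/senior-backend-developer", "/about"]


def path_matches(path, substrings):
    """Model of `http.request.uri.path contains "<s>"` terms joined with `or`."""
    return any(s in path for s in substrings)


def blocked_paths(paths, substrings):
    """Paths the block rule would catch for a source that is not allowed."""
    return [p for p in paths if path_matches(p, substrings)]


def decide(src, path, substrings=PREFIXED):
    """Single-rule form: block only when the path matches AND the source is
    not on the allow list, so the IP exception is scoped to this one rule."""
    if path_matches(path, substrings) and ipaddress.ip_address(src) not in ALLOWED:
        return "block"
    return "pass"


if __name__ == "__main__":
    # Bare substrings also catch the ordinary "badminton" and "backend" pages.
    print("bare    :", blocked_paths(SAMPLE_PATHS, BARE))
    print("prefixed:", blocked_paths(SAMPLE_PATHS, PREFIXED))
    for src in ("198.51.100.7", "203.0.113.10"):  # constructed visitor, home IP
        print(src, decide(src, "/admin/login"), decide(src, "/about"))
```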
Info
Channel: Ron Billings
Views: 500
Keywords: wp-admin, block, admin, protect
Id: 5IfB8CvjWn4
Length: 9min 59sec (599 seconds)
Published: Tue Sep 28 2021