Cloudflare Firewall Rules Walkthrough & Examples

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hey everybody this is ori from astroweb and i'm going to introduce to you today cloudflare firewall rules right so cloudflare in addition to its cdn capabilities allows you to use uh firewall to set up a firewall to set up your own rules to use automated rules and allows you to better secure your site and make your server work less and accept less traffic and block you who you don't want right for security wise for server resource wise for a lot of different things so before i get into the firewall rules which are the ones that you can custom set and give you an example or two i want to just walk you through the basic uh overview right so here when you click on firewall you're logged into your cloudflare backend and you can see some basic thing about how the firewall is being used how many times it's being triggered how many times blocking requests based on your your requirements um and some basic information about the stats right user agents ips certain urls that are being blocked by country hosts etc and specific one by one by one you can see the details of what's actually trying to block right so you can see those details right now why do i mention this even though this is a custom firewall rules video sometimes when you look at the stats you realize that you need to adjust your firewall rules maybe add some or maybe remove maybe you're triggering something you did a wrong setup and you actually want to adjust your your settings right you did it wrong or you need to add you need to secure more so this is good to pay attention regularly to see how you make adjustments right maybe you notice there's a lot of attacks on a certain url you don't want to access and you notice it's by country you can filter you can click here filter and you can look at it more detail and look at only this url within the specific other attributes right so other than that there's a manage rules which has these automated rules with which i can turn on the firewall and i can use the automated rules that cloudflare recommends based on best practices uh security best practices for specific uh setups for specific platforms for example magento okay and then i also have a wasp rules you can set up the sensitivity and you can set up all these other ones but a nice thing you can do is also click on advance and turn off on and off one by one so now let's go into the actual uh purpose of this video which is talking about firewall rules so firewall rules are really good based on the type of plan you'll be able to have a certain amount of active firewall rules you can set up and what you can do is when you set up a firewall rule you will be able to set the rule based on all of these parameters they call them fields so they would be by url by country by ip address by host name the domain name refer things cookies is one i'm going to show in this video and all this information right ssl url pass http version user agent and threat scores okay so when you set up uh an actual rule you're gonna decide what is the condition when does it apply and then you're gonna talk about the action what happens when this condition applies i want to have the firewall block the traffic challenge right give them a captcha for example allow them to pass or bypass completely the firewall right if you have another setting you might want to bypass okay so um why do you need all of these things what's what's the concept so in general without the firewall everything is considered allow right so everything is passing through so it's going the traffic of the the customer the visitor is going through the through cloudflare just going to the websites getting the web pages that it needs now what you can do with the firewall you can block things right and so sometimes you're gonna have to have multiple rules okay so let's give you another an example and i want to give you uh after that a more uh complicated example so let's say i have this page right here and this is one of my service pages and i'm going to go here and i'm going to copy this url and i'm going to say for example i want to block this whole page for everybody so i would go here and this is the most simple example type in uri i can say equals or in this case i want to say contains because it's a very unique page and it says if this url contains this information in the url which obviously does i want to block completely everybody 100 of the visitors i'm going to deploy this okay now i see it here it's enabled and i can see how many times it's triggered this specific rule okay so if i go here and i hit enter okay let me go here let me actually open it in a new window okay you can see that the firewall actually blocked my access right here so access denied by cloudflare that's it it does not serve the web page at all okay so this is the most basic information here now if you go here to your actual firewall if you wait uh probably about a minute or so you'll be able to see that the number has changed so how many times was the firewall rule executed right and it's not real time this is why i say it's about a minute depends sometimes it's more or less um and so you'll see how many times triggered so here here you go it's triggered one time so i know it's working obviously i test it out myself but i can also know by data that it's actually working right and i can see this i can click and i can see the stats right i can see all the information right here okay great so this is the most basic one just i want to i'm going to edit this i want to block everybody now what i can do here i can do something else i can say you know what i want to block anyone who visits the url and they are for example from let's say let's give you an example right here okay they are from they do not equal let's say i want to block them if they do not equal and right now i'm located in taiwan okay if they're not taiwan and they visit here i want to block them okay so i'm going to block everybody other than taiwan that visit this page so what i'm going to do here i'm going to open here i'm going to go to the page okay and you see that i'm from taiwan right now i'm located in taiwan so the web page loaded for me but if i'm in a different country the web page won't load right so it's going to block it and obviously if i refresh the page assuming it's refresh it'll still be one because it didn't block me it allowed me to pass by okay now this is example number one okay so i want to give another example okay and this is a little more complex okay so sometimes you need to set up more than one rule right so here for example i said hey i anyone who goes this url that's not from taiwan i want to block it but sometimes you want to specify multiple rules say i want to allow these people but i don't want to allow i want to block these kind of people okay and sometimes you need to do that because the rule engine is not so complex you can have ands or or right this condition and this condition apply but sometimes you want to do other things like this this and this or this and this and this and that right so you might have to set up these custom rules so the reason why i explain this is if you have multiple rules that apply then cloudflare will take the priority of the rules you see this is priority number one and number two and so whenever the page loads cloudflare will go and look through its list look through number one does the rule apply yes number two does the rule apply number three does the rule apply et cetera if you have multiple rules that apply only the first one in the list will actually apply so let's assume this and this both apply so it's only going to trigger this action right so whatever this rule if the condition is met it's going to block for example it's going to allow so in some cases you need to specify multiple things so for example i want to allow let's say u.s traffic but i want to block everybody else or i also want to allow a certain ip address or a certain cookie right so you're going to have to set up in many cases this first allow something then you block something okay so i hope that makes sense if you have any questions in the comments uh just let me know i'll answer like give me your case and and i'll help you create it okay so let me set up another thing that was that was a good example and you're gonna use that a lot okay so let me uh create another case which is an interesting one so sometimes you want to block something based on like an ip address if your company has like a set a static ip you want to block it but sometimes you don't have you don't have a static ip or you don't have a vpn that you can go to through traffic so other things you can do let me delete this is you can set up interesting rules for example i want to allow allow traffic uh from from browsers that have a certain cookie have a cookie okay and this is just an example so i can go here and say okay first of all if the url equals this and let me do contains okay and my browser cookie my cookie contains for example j and smith okay so my my cookie name is j and the value is smith if i do this i'm going to say hey anyone that goes to this url has a cookie j smith i want to allow them okay and i'm going to deploy this okay and you see the rule i'm going to put this number 2 because i don't want to affect my actual site so the url index en and cookie equals jsmith allow them and then i'm gonna block everybody else okay so i'm gonna go here and i'm gonna say block this for everybody else okay and i'm gonna say uri and it's going to contain and i'm going to put this right here let's see i didn't misspell that index okay and i'm going to block them okay so now i have my condition my rule right here and i'm going to drag this down so i don't affect my site because the order is very very important i'm going to go here so this was excuse me my mistake okay and so first of all my rule would say hey if the url is that and i have a certain cookie i want to allow it everybody else i'm going to block so by order so the system when the when it loads the page it's going to say hey does this condition apply does someone have this url and the cookie cool allow if it doesn't go to the next rule and check it and say oh if someone in this url right this url oh no boom block them okay great so if i go to this url right now i'm going to open my window again okay boom okay so now it's not working okay so now what i'm gonna do i'm gonna make this cookie on my browser it's gonna be called jsmith so now i'm gonna go here and i'm going to go to my website go to my website here i'm just going to go to the website and i'm on chrome i'm going to click on inspect and i'm going to go to application my cookies gonna go here i'm gonna add a new cookie okay so my cookie is j smith okay and i'm gonna actually take make sure it doesn't expire my cookie let's just add another year here gonna secure it make sure it's only accessible by http i'm gonna secure it okay so now assuming i did that correctly if i go to the url itself i should be allowed to visit okay perfect okay now i'm allowed to visit that's it so because i have this cookie i am good with the firewall rule okay so let's say let me close the window and let me try to access that without the cookie because i added an incognito window so i shouldn't have the cookie now and you see it's blocked okay so this is the example of how you have the rule of use a cookie have allow this person or this person that has a cookie and then block everybody else this is a multi-rule this is an example that you would do it with the multi-rule okay you can do things in many different ways you can combine ands and ors but in a lot of cases you want to do things like this it's for organization making the rules simpler and it's for for having more complex rules okay and the order matters right so um that's pretty much it right so when you have examples again and you can comment and ask but you can use any of these these are the refer headers where did someone come from before they entered that page the urls the query string if it would be something like you know q equals something so you can you can do many many things here if you have any questions about it obviously you have documentation or you can ask me in the comments um so i hope that makes sense hope you enjoyed this video and you use firewalls you secure the network you secure your website you make things safer you make your server work less this is just a good a good idea and you can protect specific places on your website that are restricted to certain amount of people certain people certain groups certain rules hope you enjoyed this video we'll be making more and more videos thank you again for your time everybody appreciate it
Info
Channel: Astral Web Inc.
Views: 5,476
Rating: undefined out of 5
Keywords: cloudflare, firewall, rules, examples, tutorial, ip, address, cookie, uri, url, block, allow, challenge, captcha
Id: GY25yOiM2m4
Channel Id: undefined
Length: 14min 8sec (848 seconds)
Published: Tue Jan 05 2021
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.