1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Cloudflare - Advanced security (Web Application Firewall)

Discussion in 'Server Configuration and Hosting' started by RoldanLT, Jan 27, 2015.

  1. RoldanLT

    RoldanLT Well-Known Member

    Does someone enable this on your XenForo based forum?
    Any reviews and experience?

    upload_2015-1-27_21-56-20.png
     
  2. semprot

    semprot Active Member

    I have tried that but on vb, not xf .. yet.
     
    RoldanLT likes this.
  3. RoldanLT

    RoldanLT Well-Known Member

    So far it doesn't block legit request?
     
  4. semprot

    semprot Active Member

    When i let it run for +- 1 week, there is no "hit" on each rule in WAF.
    So it seems no "malicious" request had been received by the WAF :)
    And i turned it off now.
     
    RoldanLT likes this.
  5. Solidus

    Solidus Well-Known Member

    I've had around 2000 hits, mostly from OWASP XSS Attacks rules. Running on low sensitivity.
     
    RoldanLT likes this.
  6. RoldanLT

    RoldanLT Well-Known Member

    I'm running HIGH Sensitivity now :)
     
  7. Solidus

    Solidus Well-Known Member

    Getting lots of hits to admin.php lately and CF is blocking them like a boss.
     
  8. Solidus

    Solidus Well-Known Member

    Btw Roldan, do you have HSTS enabled?
     
  9. RoldanLT

    RoldanLT Well-Known Member

    I have mine disabled.
    Like this:
    upload_2015-7-9_15-45-15.png

    Cause I offer HTTP/HTTPS as an option to my users.
     

Share This Page