New CloudFlare Integration

Nikoletta Szabo

Our CloudFlare integration was released recently, giving our customers new opportunities and a more automated, seamless service. Our developers built it because many of our ninja clients use CloudFlare in parallel with our services. The aim of this article is to describe why we needed this development and to give you additional information about the new feature.

The CloudFlare integration was primarily designed for those of our clients who use CloudFlare.

How does it work?

As a CDN (content delivery network) provider, CloudFlare offers content sharing. The method is quite simple. The client registers, then starts directing the traffic arriving at their server through the CF servers. Most of the static content is served by CF, but it requests the dynamic content from the client’s server.

All the CF IPs are on our whitelist, so when a client's traffic was directed through CF, BitNinja (the WAF and IP reputation modules) could not fully block the attacks, even if it recognized the threat.

However, CloudFlare has a downloadable Apache module which restores the original IP of their clients, so it is clearly visible in our log files.

Thanks to this integration, we know the source of the malicious activity, automatically let CloudFlare know about it, and ask them to block the requests arriving from the attacker in question. This cooperation reinforces the defense shield we provide and decreases the rate of false positives.
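The attribution step described above, as an added example (not BitNinja's or CloudFlare's own code): the visitor address is taken from the forwarded header only when the connection really comes from a CloudFlare range, and flagged requests are then counted per visitor rather than per whitelisted edge IP. The `CF-Connecting-IP` header name, the subset of published ranges, the function names, and the threshold are assumptions that are not on this page.

```python
import ipaddress
from collections import Counter

# Assumption: a subset of CloudFlare's published IPv4 ranges.
# Load the current full list in real use.
CF_RANGES = [ipaddress.ip_network(n) for n in
             ("173.245.48.0/20", "103.21.244.0/22", "104.16.0.0/13", "172.64.0.0/13")]

def is_cloudflare(peer):
    addr = ipaddress.ip_address(peer)
    return any(addr in net for net in CF_RANGES)

def real_client_ip(peer, cf_connecting_ip):
    """Return the address a request should be attributed to, or None."""
    if not is_cloudflare(peer):
        return peer   # direct connection: the header is untrusted input, ignore it
    try:
        return str(ipaddress.ip_address((cf_connecting_ip or "").strip()))
    except ValueError:
        return None   # proxied but no usable header: never blame the CF edge

def attackers_to_report(events, threshold=2):
    """events: (peer_ip, header_value_or_None, flagged_by_waf) tuples.

    threshold is a hypothetical incident count before an IP is reported.
    """
    hits = Counter()
    for peer, header, flagged in events:
        ip = real_client_ip(peer, header) if flagged else None
        if ip:
            hits[ip] += 1
    return sorted(ip for ip, n in hits.items() if n >= threshold)

# Constructed sample events; visitor addresses are documentation ranges.
SAMPLE = [
    ("173.245.48.10", "203.0.113.7", True),    # attack relayed by a CF edge
    ("104.16.1.1", "203.0.113.7", True),       # same visitor, different edge
    ("172.64.0.5", "198.51.100.20", False),    # clean request
    ("192.0.2.99", "198.51.100.20", True),     # direct hit with a spoofed header
    ("192.0.2.99", "198.51.100.20", True),
    ("173.245.48.10", "not-an-ip", True),      # malformed header via CF
]

if __name__ == "__main__":
    print(attackers_to_report(SAMPLE))
```

Without the range check, the spoofed header in the direct requests would have shifted the blame onto an uninvolved visitor.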

Settings

How can you enable the module? In your BitNinja Dashboard, under the “Settings” menu, there is a new tab named “Integration”. Here, with the “Add New” option, you can add API Keys. You need to give your CF API email (it is usually the one you used for registering at CF) and your global API Key. Giving the “Certificates API Key” here is not sufficient, because it will not allow changing the WAF rules. You can find the CF API Keys in the “My Settings” menu after you sign in to your CF account.

The changes take effect instantly; there is no need to reboot the server or BitNinja. After you have entered the API access, you will be able to manually white/grey/blacklist IPs, which will be automatically forwarded to CloudFlare. From the server, the incidents arriving from the CLI or the Log analyzer will be forwarded to CF.

We hope you’ll like BitNinja even more with this new feature. We are planning to release more integrations with several other CDN providers in the future to maximize the protection as much as we can.
