New CloudFlare Integration

Our CloudFlare integration has been released not so long ago, giving new opportunities and more automated, flawless service to our customers. Our developers worked this project out, because many of our ninja clients use CloudFlare in parallel with our services. The aim of this article is to describe why we needed this development and also to give you additional information about this new feature.

The CloudFlare integration was primarily designed for those of our clients who use CloudFlare.

How does it work?

Being a CDN (content delivery network) provider, CloudFlare gives the opportunity of content sharing. The method is quite simple. The client registers, than they start to direct the traffic arriving to the customer’s server through the CF servers. Most of the static content is served by CF, but it requests the dynamic content from the client’s server.

All the CF IPs are on our whitelist and by directing the clients’ traffic through CF, BitNinja (the WAF and IP reputation modules) could not fully block the attacks, even if it recognized the threat.

However, CloudFlare has a downloadable Apache mod, which restores the original IP of their clients, so it will be clearly visible in our log files.

Due to this integration we will know the source of the malicious activities and automatically let CloudFlare know about it and ask them to block the requests arriving from the questioned attacker. This cooperation enforces the defense shield we are providing and decreases the rate of false positives.

Settings

How can you enable the module? In your BitNinja Dashboard, under the “Settings” menu, there is a new tag, named “Integration”. Here, with the “Add New” option you can add API Keys. You need to give your CF API email (It is usually the one which you used for registering at CF), and global API Key. Here, giving the “Certificates API Key” is not sufficient, because it will not allow changing the WAF rules. You can find the CF API Keys, if you sign into your CF account, in the “My Settings” menu.

The changes will be enabled instantly, there is no need to reboot the server or BitNinja. After you entered the API access, you will be able to manually white/grey/blacklist IPs, which will be automatically forwarded towards CloudFlare. From the server, the incidents arriving from the CLI or the Log analyzer will be forwarded to CF.

We hope you’ll like BitNinja even more with this new feature. We are planning to release more integrations with several other CDN providers in the future to maximize the protection as much as we can.