Stop HACKERS and BOTS from reaching your website server - Cloudflare
Ғылым және технология
Stop HACKERS and BOTS with FREE Cloudflare WAF
FREE: cloudflare.com
WAF layered defenses
Cloudflare managed rules offer advanced zero-day vulnerability protections.
Core OWASP rules block familiar “Top 10” attack techniques.
Custom rulesets deliver tailored protections to block any threat.
WAF Machine Learning complements WAF rulesets by detecting bypasses and attack variations of XSS and SQLi attacks.
Exposed credential checks monitor and block use of stolen/exposed credentials for account takeover.
Sensitive data detection alerts on responses containing sensitive data.
Advanced rate limiting prevents abuse, DDoS, brute force attempts along with API-centric controls.
Flexible response options allow for blocking, logging, rate limiting or challenging.
#firewall #WAF #CLoudflare
Пікірлер: 98
Fire content as always thanks, brother. I'm setting up Cloudflare for my website and I was looking for WAF rules I may have missed out on. I will be implementing a few of the ones you've mentioned.
@SaaStuto
Жыл бұрын
Hey Jake, Awesome, glad to hear it! I'm always happy when people find my content helpful. Let me know if you have any questions about setting up Cloudflare or the WAF rules - I'd be more than happy to help out.
@Jake-vd8os
Жыл бұрын
@@SaaStuto Thanks, bro I appreciate that. I’m going through the settings now that my name server is transferred to Cloudflare. Your video has put me halfway through there already so thank you 😊 🙏. The country WAF rule is working brilliantly you wouldn’t believe the number of unwanted countries it blocked in less than 24hrs. 😂 I’ve got a niche online store selling to the UK market only and my server used to get hit with requests from irrelevant audiences.
Great information! Thank you for creating this video and protecting a fellow business owner!
@SaaStuto
5 ай бұрын
Hey @Iordnutz, So happy to hear that you found the information useful! Keeping the business community protected is definitely a priority. Appreciate you watching!
Good video , you showed me some new things to block - I have been getting hammered with bots lately , its so bad if I didnt have cloudflare my server would be maxxed out most of the time
@SaaStuto
4 ай бұрын
Hey @ecswest6083, Glad to hear you found some new insights from my video! Dealing with bots can indeed be a hassle. Keep strong, stay protected and remember, sharing is caring so, pass on the knowledge to a friend in need!
Great clear video. Dont really need the sub, but giving it anyway cos the vid is so useful. Keep up the good work.
@SaaStuto
Жыл бұрын
Hey Patrick McCarthy, Thank you so much for your kind words and support! I'm really glad you found the video useful, that means a lot to me. Your subscription is very appreciated - thank you!
Really great video. Very useful. I've also had Cloudflare for a few days now and I'm very impressed. Especially the geo-blocking feature, HTTP1.0, known bots and the threat score are useful for my personal websites. I have just allowed Europe and North America and blocked countries like Russia and Ukraine (due to current events). It's enough that the world is a war zone, it doesn't have to be my server too.
@SaaStuto
2 ай бұрын
Hey @Voigt_Analytics, I'm glad to hear the video was useful and that you're finding Cloudflare beneficial for your personal websites. It sounds like you're making great use of the features, especially given the current global situation. Stay safe, online and offline. :)
I love Cloudflare I use it for all my sites. Thanks for the recommendation; I will compare it with my current rules and apply the necessary changes. The majority of bad requests I've received to date come from the following countries: Russia, Singapore, the US, France, the Netherlands, South Africa, China, India, Indonesia, Germany, and so on. These are countries I have no business with, so blocking countries you don't serve is a no-brainer.
@SaaStuto
Жыл бұрын
Hey Alex, That's great to hear! I'm glad you found Cloudflare helpful. Please let me know if there is anything else I can help with!
@Alex-hn3lc
Жыл бұрын
@@SaaStuto -- I'm good for now and I feel like I have covered all if not most of the corners. 😂So keep up the awesome work. Your videos are helpful.
@ecswest6083
4 ай бұрын
Singapore is terrible Germany my 2nd worst , they are my biggest hassle as well . Im pretty sure its chinese hackers using vpn's because everyone known for so long so much hacking out of china they get region blocked so much
Thank you so much!! It did help.
@SaaStuto
Жыл бұрын
Hey Frank, You're welcome, I'm glad you found it helpful! If there's anything else I can do to help just let me know. Thanks for watching and have a great day! :)
Thanks for sharing! Subbed.
@SaaStuto
4 ай бұрын
Hey @AutomotiveForBeginners, That's awesome to hear! Hope you enjoy the upcoming content. Do not hesitate to share the videos you find useful.
Looks interesting, thank you
@SaaStuto
4 ай бұрын
Hey @pasanflo, Hey, I'm really glad you found it interesting! Feel free to share it with others who might also find it helpful.
Thank you so much
@SaaStuto
Жыл бұрын
Hey Cat Clothes, You're welcome, I'm glad you found it helpful!
Fantastic!!
@SaaStuto
Жыл бұрын
Hey André Francisco, Wow, thank you so much! I'm really glad to hear that and I hope you continue to enjoy my content. :)
Muy buenas reglas para evitar los bots. Gracias por la explicación. Un saludo desde España
@SaaStuto
Жыл бұрын
¡Muchas gracias! Estoy contento de que te haya gustado mi explicación. ¡Un saludo desde Mexico!
Great explanation. I have started using Cloudflare, so this was a very useful tutorial. Fast and to the point. In addition to the WP file blocks discussed, is there a list available for other common platform/dev specific files we can block?
@SaaStuto
Жыл бұрын
Thanks for the kind words! I'm glad you found the tutorial useful. As far as other platform/dev specific files to block, Cloudflare has a list of recommended file types that should be blocked in their documentation here: support.cloudflare.com/hc/en-us/articles/200170086-What-file-types-shouldn t -I-. Hope this helps!
Thanks:-)
@SaaStuto
Жыл бұрын
Hey Shahir Naga, No problem! You're welcome.
Thank you so much for this great video. I am having issue with the IP source address not equals rule, I put my ip in it but it not letting me access my admin panel. I did same as how told in the video.
@SaaStuto
Ай бұрын
Hey @raghavgakhar09, Glad you found the video great! Just double-check the IP settings and maybe try a quick reboot. Hope that helps! 😊
Thank You So much brother 💌 love from Bangladesh
@SaaStuto
Жыл бұрын
Hey Seaworthy Fish, Thank you for the love from Bangladesh! It really means a lot to me. I'm glad my videos have been able to reach people all around the world and that they find them helpful. Thanks again, stay safe and take care!
Your explanation is good, but how can you prevent content scraping...i tried to block a website ip address that perform the content scraping, moreover, i excluded all other bots except user agent(googlebot & bingbot) and i have done all these in cloudflare WAF, yet unable to stop them from doing the content scraping
@SaaStuto
Жыл бұрын
Hey zayn clips, Thank you for your question. The best way to prevent content scraping is by using a Content Security Policy (CSP). CSPs are effective at stopping malicious bots from stealing and replicating content, as it blocks requests coming in through an unauthorized source. Additionally, you can also use CAPTCHAs or honeypots to further protect your site's content against scrapers. Hope this helps!
Great video 👍, can you please tell me I am planning to upgrade the shared hosting to dedicated cloud hosting in the same hosting provider but in new hosting they are not providing Ipv6, but in shared hosting, they have provided it, Do I delete the ipv6 record in Cloudflare?
@SaaStuto
Жыл бұрын
Hey asmr allz, Thanks for the positive feedback! You'll need to contact your hosting provider and ask them if they provide IPv6 in their dedicated cloud hosting. If not, then you can delete the IPV6 record from Cloudflare.
Thank you sir, usefull and good video
@SaaStuto
6 ай бұрын
Hey @expertcoder3101, Thank you so much! I'm glad the video was useful and that you enjoyed it. Please share this with your friends if they could benefit from watching it too.
Good idea thanks
@SaaStuto
Жыл бұрын
Best stop these bots before they reach the site
@amankumawat7472
Жыл бұрын
@@SaaStuto my traffic from india, tell me-> what can i set country challange. (my site is attecking on my site, please help me)
Excelente video tutorial muchas gracias por toda esta gran ayuda.
Amazing bro thanks for this valuable information
@SaaStuto
Жыл бұрын
Hey My CH, Thank you so much for the kind words and your appreciation! I'm really glad that this video was helpful to you. If there's anything else I can help with, please don't hesitate to ask. :)
Very Nice!
@SaaStuto
Жыл бұрын
Thanks
@amankumawat7472
Жыл бұрын
@@SaaStuto my traffic from india, tell me-> what can i set country challange. (my site is attecking on my site, please help me)
I wonder if this kind of limitation affect your SEO? Does it? And what would be the better setting to avoid loosing SEO if any ?
@SaaStuto
Жыл бұрын
As long as you don't block search engines or public pages you are ok
I am getting deceptive site ahead again & again i want to fix it through cloudflare what should i do for that please tell me sir 😢 3:29
@SaaStuto
Жыл бұрын
One of the WAF rules is being too hard. Try disabling one by one and test to see what rule is causing the issue.
if i say -> captcha if threatscore is 1 or 2, is that too low?
@SaaStuto
4 ай бұрын
Yes
@Patrick-ur9tq
4 ай бұрын
@@SaaStuto because to many false positivs?
It is a good way but it is not enough! You can not stop hackers by only using this unless your host provider is Cloudflare which is not the case, I assume for most people. The IP address can be easily found and the hacker can use it to request a connection to the site or the server by writing just the IP address and then /wp-login or the server port. To solve this you need to enforce your server to only accept HTTPS connections from Cloudflare; otherwise, this method would be useless. Also, you need to make sure that you get the other stuff right like server security updates, exposed ports, DNS Protection, OWASP firewall (Included in the Cloudfalre Paid Plan), etc.
@SaaStuto
Жыл бұрын
You are correct that using Cloudflare's WAF alone may not be enough to fully protect a website or server from hackers. To increase security, it is important to also enforce HTTPS connections from Cloudflare and keep the server updated with security patches and firewall configurations. Additionally, using other security measures such as DNS protection and an OWASP firewall can also help to further enhance security.
Is the country challenge not going to cause issues with search engine crawlers like Bing and Google?
@Jake-vd8os
Жыл бұрын
Update: I have whitelisted Google and other good bots.
@SaaStuto
Жыл бұрын
Correct, update good bots to pass
amazing
@SaaStuto
9 ай бұрын
Hey NOFOOD?, Thanks so much for the kind words! I'm glad you enjoyed my video and that it was helpful. :)
@nofood1
9 ай бұрын
@@SaaStuto easily explained. Any ideas how to stop people from downloading videos from my site? Possible with cloudflare you think?
Hello SaaStuto, I want to block the access to my website from all other countries except India... I Can Do that by ClouldFlare Rules does that effect the SEO...
@SaaStuto
Жыл бұрын
Thanks for the question. Yes, you can block access to your website from all other countries except India with CloudFlare rules without affecting SEO. However, it is important that you set up the rules correctly so as not to interfere with any of your content being indexed by search engines or appearing in SERPs (Search Engine Results Pages). If done incorrectly there could be a negative impact on SEO performance.
@CHATHK
Жыл бұрын
Pls can you tell us how to enable google adsense and indexing once you block other countries?
my traffic from india, tell me-> what can i set country challange. (my site is attecking on my site, please help me)
@SaaStuto
Жыл бұрын
In the WAF section. create a rule to block or challenge the country
How can we protect AdSense by use of cloudflare, want to add setting like 1 user can only click maximum 2 times on our advertisement in 1 day
@SaaStuto
Жыл бұрын
That would probably set in adsense and not in cloudflare
Good evening, I'm from Brazil, I need to block the United States, but I need to let Google bots pass and also adsense trackers, is it possible to do this in Cloudflare?
@SaaStuto
Жыл бұрын
Hey Charles Moura, Yes, it is possible to block the United States in Cloudflare while allowing Google bots and Adsense trackers. To do this you will need to create an access rule that allows certain IP addresses or domains through your firewall. You can find more information on how to set up these rules here: support.cloudflare.com/hc/en-us/articles/200170056-Creating-access-rules
@Promocoesdiarias1
Жыл бұрын
@@SaaStuto It didn't help me with what I need, but thanks for answering. :(
is cloudflare useful for api endpoints?
@SaaStuto
11 ай бұрын
Yes, definitely
Si hago tal cual lo dices no tendré problemas para que el robot de Google adsense acceda a mi blog, apenas lo voy a monetizar y quiero bloquear ciertos países ya que hace unos meses tuve un ataque y no paso a más pero no quiero bloquear al robot de Google 😩 espero me puedas responder
@SaaStuto
5 ай бұрын
Configura Cloudflare WAF para permitir el tráfico del User Agent "Googlebot" antes de bloquear los países deseados, así no interferirás con el acceso de AdSense a tu blog.
Is it still free in June of 2024?
@jadens9569
22 күн бұрын
Yes 💯
This doesn't help if they find out your server IP. They'll just bypass cloudflare and use your server IP directly
@SaaStuto
Жыл бұрын
That's not correct. Plus, the server IP is public and anyone can know it via DNS checker
@JamesAutoDude
Жыл бұрын
@@SaaStuto this video explains it kzread.info/dash/bejne/i4anvNGyg7yZitI.html
@Alex-hn3lc
Жыл бұрын
@@JamesAutoDude --- If hackers find your origin IP, then this is where your host comes into play. If you use a decent host, they'll take care of it, especially if you're on a managed solution. If you manage your own server, then you'll have to protect it yourself or hire competent pros to do it for you. There is no perfect method, and companies big and small get hacked all the time. So it's just about making it as hard as possible. This video does a good job of showing people how to protect their websites at the DNS level. Server protection is another whole level.
@bishnuchetri9941
9 ай бұрын
For example:If you use nginx, you can block all IP addresses and allow only those IP addresses which cloudfare uses. This way only cloudfare can access ur server and no one else
Good afternoon. Please, I need help. Serous help
@SaaStuto
Жыл бұрын
What happened?
@SaaSMaster
Жыл бұрын
Hey Kosisochukwu Emmanuel Derrick Udeh, I'm sorry to hear that you need help. Please let me know what I can do to assist you.
@kosisochukwuemmanuelderric7154
Жыл бұрын
@@SaaSMaster Good afternoon. I have disabled and even deleted my rss feed from feedburner and Blogger dashboard. Yet Indians are still scraping my contents and outranking me
@kosisochukwuemmanuelderric7154
Жыл бұрын
@@SaaStuto What do I do please?
🍀 p̴r̴o̴m̴o̴s̴m̴
@SaaStuto
Жыл бұрын
🚀