Vultr Firewall added Cloudflare
-
@Mario-Jakovina said in Vultr Firewall added Cloudflare:
@JaredBusch OK, but why is access by FQDN safer then access by IP adress?
No one said it is safer. It was only said that it can only be accessed that way.
-
@JaredBusch said in Vultr Firewall added Cloudflare:
No one said it is safer. It was only said that it can only be accessed that way.
@Dashrender said in Vultr Firewall added Cloudflare:
All legit connections to JB's server in Vultr MUST come through CloudFlare,
But what is the benefit of allowing only through Cloudflare if it is not safer?
Do you need to subscribe to some service at Cloudflare to use that or not? -
Let me use this example.
I have a blog on blog.jaredbusch.com (I don't) and it is run using WordPress on Vultr.
I do the basic and have the traffic going through Cloudflare with the orange cloud.
Any hacker will hit the site in the legal way through Cloudflare. The Cloudflare network has a lot of defense capabilities built in that you can use depending on your subscription level.
But assuming you have none of that, it still protects you by not exposing your public IP if nothing else.
But If I do not restrict access
http
/https
access to the live IP, botnets will quickly discover that IP10.11.12.13
is running a WP instance. Then the WP hacking bots will attach the system directly viahttps://10.11.12.13/wp-login.php?WTFEVERHACKWORKSONVERSION
etc.The Vultr filewall settings as discussed 100% eliminate that possibility.
-
@Mario-Jakovina said in Vultr Firewall added Cloudflare:
But what is the benefit of allowing only through Cloudflare if it is not safer?
Do you need to subscribe to some service at Cloudflare to use that or not?All proxy services can provide protection. It is a matter of what the service provides for what cost and what you want to protect.
This thread is not a discussion of the specific uses of Cloudflare. Feel free to make a thread for that.
-
@JaredBusch Thank you.
I will read a little about Cloudflare and its services... I am not familiar with that. -
@Mario-Jakovina said in Vultr Firewall added Cloudflare:
@JaredBusch Thank you.
I will read a little about Cloudflare and its services... I am not familiar with that.Even my personal domain, with like no content or traffic was protected from random drive by attacks. For free.
-
@JaredBusch OK.
Is there any reason not to use at least Cloudflare Free plan and setup Vultr FW to allow only Cloudflare traffic, if we have FQDN for our server? -
@Mario-Jakovina said in Vultr Firewall added Cloudflare:
@JaredBusch OK.
Is there any reason not to use at least Cloudflare Free plan and setup Vultr FW to allow only Cloudflare traffic, if we have FQDN for our server?Pretty much never a reason not to do it.
I always use Cloudflare already to handle DNS.
-
@Mario-Jakovina said in Vultr Firewall added Cloudflare:
@JaredBusch OK.
Is there any reason not to use at least Cloudflare Free plan and setup Vultr FW to allow only Cloudflare traffic, if we have FQDN for our server?No reason not to have FQDN for your stuff - it's completely free from CloudFlare.
-
@Dashrender said in Vultr Firewall added Cloudflare:
No reason not to have FQDN for your stuff - it's completely free from CloudFlare.
That's not how anything works.
You must pay for a domain name.
Now you can use all the sub domains you want. But that also gets int other configurations.
You do not just have a FQDN.
-
@Dashrender Really! We use DynDNS paid service for our in-house servers
If you can point me how to get free FQDN from Cloudflare, I would be grateful? -
-
@Mario-Jakovina said in Vultr Firewall added Cloudflare:
@JaredBusch said in Vultr Firewall added Cloudflare:
You must pay for a domain name.
OK, thanks
Yeah - OK, sure, you have to pay for the domain name - but damn.. it's not like that's a fortune or anything...
If you're using a free DynDNS, then the free subs from CF should work as well.
-
@Mario-Jakovina said in Vultr Firewall added Cloudflare:
@Dashrender Really! We use DynDNS paid service for our in-house servers
If you can point me how to get free FQDN from Cloudflare, I would be grateful?FQDN are never free, there's no way for that. Someone HAS to pay for them, as they cost money. If anyone offered them for free, I'd "buy" every one in existence then sell them to everyone else for way, way more than they cost today.
It's only by having them be $10 a year or whatever that people have to evaluate if they want to pay for them.
-
@Mario-Jakovina said in Vultr Firewall added Cloudflare:
@JaredBusch said in Vultr Firewall added Cloudflare:
You must pay for a domain name.
OK, thanks
But every FQDN from your domain, is free. Whether you have one, or millions.
-
As I said - we do have FQDN.
I was just suprised when @Dashrender said they are free from Cloudflare -
@Mario-Jakovina said in Vultr Firewall added Cloudflare:
As I said - we do have FQDN.
I was just suprised when @Dashrender said they are free from CloudflareI misspoke, I never meant that registered domains themselves were free. What I meant was free was DNS hosting and base level proxying from CF.