How to Secure Your Website With Cloudflare SSL And Firewall

Soumyadeep Mandal
6 min read · May 30, 2023

If you have a website that handles sensitive data, such as personal information, financial transactions, or confidential documents, you need to ensure that your website is secure.

Website security protects your website and your users from cyberattacks, data breaches, malware infections, and other threats that can damage your reputation, cause legal issues, or harm your users.

One of the best ways to secure your website is to use Cloudflare SSL and Firewall. Cloudflare SSL encrypts the data between your website and your users, preventing anyone from intercepting or tampering with it. Cloudflare Firewall blocks malicious traffic and requests, preventing hackers from exploiting vulnerabilities or launching attacks on your website.

In this article, I will show you how to secure your website with Cloudflare SSL and Firewall. I will also show you how to monitor your website traffic and security events with Cloudflare analytics, and how to follow some best practices for website security.

Using Cloudflare SSL to Encrypt Your Website Data

Cloudflare SSL provides end-to-end encryption for your website data. This means that the data is encrypted both in transit (between your website and Cloudflare) and at rest (on Cloudflare servers).

To use Cloudflare SSL, you need to enable it on your Cloudflare dashboard. Here are the steps:

1. Log in to your Cloudflare account and select the domain you want to secure.

2. Go to the SSL/TLS tab and choose the SSL mode that suits your needs. There are four options: Off, Flexible, Full, and Full (strict).

- Off means that no encryption is applied to your website data. This is not recommended for any website that handles sensitive data.

- Flexible means that Cloudflare encrypts the data between your users and Cloudflare, but not between Cloudflare and your origin server. This is useful if you don’t have an SSL certificate on your origin server, but it still leaves a security gap that can be exploited by attackers.

- Full means that Cloudflare encrypts the data between your users and Cloudflare, and also between Cloudflare and your origin server. This is more secure than Flexible, but it requires that you have an SSL certificate on your origin server. You can use a self-signed certificate or a free certificate from Cloudflare Origin CA.

- Full (strict) means that Cloudflare encrypts the data between your users and Cloudflare, and also between Cloudflare and your origin server. This is the most secure option, but it requires that you have a valid SSL certificate on your origin server from a trusted certificate authority (CA).
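The difference between the modes is what happens on the connection from Cloudflare to your origin server. The sketch below is an added example, not code from Cloudflare or from the original article: it models each mode as TLS client settings so you can probe your own origin before switching modes. The function names and the lowercase mode strings are hypothetical.

```python
import socket
import ssl


def origin_tls_context(mode):
    """TLS client settings modelling each mode's Cloudflare-to-origin leg.

    Returns None when the mode sends plain HTTP to the origin.
    Mode strings ("off", "flexible", "full", "strict") are this example's own.
    """
    if mode in ("off", "flexible"):
        return None                       # origin leg is unencrypted
    if mode == "full":
        ctx = ssl.create_default_context()
        ctx.check_hostname = False        # must be disabled before CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE   # self-signed or expired is accepted
        return ctx
    if mode == "strict":
        # Chain, hostname and validity period are all checked.
        return ssl.create_default_context()
    raise ValueError(f"unknown mode: {mode}")


def probe_origin(origin_ip, hostname, mode, port=443, timeout=5):
    """Connect to the origin the way `mode` would; return (ok, detail)."""
    ctx = origin_tls_context(mode)
    if ctx is None:
        return (False, "plaintext to origin")
    try:
        with socket.create_connection((origin_ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                return (True, tls.version())
    except ssl.SSLCertVerificationError as exc:
        return (False, f"certificate rejected: {exc.verify_message}")
    except OSError as exc:                # refused, timed out, handshake error
        return (False, f"connection failed: {exc}")


if __name__ == "__main__":
    # 192.0.2.10 and example.com are placeholders for your origin and domain.
    for m in ("flexible", "full", "strict"):
        print(m, probe_origin("192.0.2.10", "example.com", m, timeout=2))
```

A certificate issued by Cloudflare Origin CA is not in the operating system trust store, so the strict probe rejects it unless that root is loaded into the context.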

Using Cloudflare Firewall to Block Malicious Traffic and Requests

Cloudflare Firewall protects your website from malicious traffic and requests, such as bots, DDoS attacks, SQL injections, cross-site scripting (XSS), and more.
Cloudflare Firewall has two main components: Firewall Rules and Managed Rules.
Firewall Rules allow you to create custom rules to block or allow specific traffic or requests based on various criteria, such as IP address, country, user agent, URL path, query string, cookie value, etc.
Managed Rules are predefined rules that are created and maintained by Cloudflare experts. They cover common threats and vulnerabilities for different types of websites and applications.

To use Cloudflare Firewall, you need to enable it on your Cloudflare dashboard. Here are the steps:

1. Log in to your Cloudflare account and select the domain you want to protect.

2. Go to the Firewall tab and choose the Firewall settings that suit your needs. There are three options: Low, Medium, and High.

- Low means that only the most severe threats are blocked by Cloudflare Managed Rules. This is useful if you want to minimize false positives or interference with legitimate traffic.

- Medium means that most threats are blocked by Cloudflare Managed Rules. This is useful if you want to balance security and performance for your website.

- High means that all threats are blocked by Cloudflare Managed Rules. This is useful if you want to maximize security for your website.

3. You can also create custom Firewall Rules by clicking on the Create a Firewall rule button. You can specify the criteria for matching traffic or requests, and the action to take when they are matched (block, challenge, allow, log).

4. You can also enable or disable specific Managed Rules by clicking on the Managed Rules button. You can choose from different rule sets based on different categories (Cloudflare Rule Set, OWASP ModSecurity Core Rule Set 3.0/3.1/3.2/3.x Experimental Ruleset/3.x Paranoia Level 1/2/3/4 Rule Set), platforms (WordPress/Joomla/Drupal/Magento), or partners (Comodo/Sucuri).

Monitoring Website Traffic and Security Events with Cloudflare Analytics

Cloudflare Analytics provides real-time insights into your website traffic and security events.

You can use Cloudflare Analytics to monitor various metrics and indicators related to:

- Requests: The number of requests made to your website by different sources (browsers/devices/countries/IPs/etc.)

- Bandwidth: The amount of data transferred by your website to different sources (browsers/devices/countries/IPs/etc.)

- Threats: The number of threats blocked or challenged by Cloudflare Firewall or other security features

- Performance: The speed and efficiency of your website delivery by different sources (browsers/devices/countries/IPs/etc.)

- Page Views: The number of page views generated by different sources (browsers/devices/countries/IPs/etc.)

- DNS: The status and performance of your DNS queries

- Workers: The status and performance of your Cloudflare Workers

To use Cloudflare Analytics, you need to access it on your Cloudflare dashboard. Here are the steps:

1. Log in to your Cloudflare account and select the domain you want to analyze.

2. Go to the Analytics tab and choose the category you want to view (Requests/Bandwidth/Threats/Performance/Page Views/DNS/Workers).

3. You can filter the data by time range (Last 24 hours/Last 7 days/Last 30 days/Custom) or by source (Browser/Device/Country/IP/etc.).

4. You can also export the data as CSV or JSON files by clicking on the Export button.
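Once the data is exported, a short script can turn it into something actionable. This is an added example, not part of the original article: it reads a JSON export of security events and flags IP addresses with repeated blocked or challenged requests inside a short time window. The export shape and the field names `datetime`, `clientIP`, `action` and `clientRequestPath` are assumptions, and the sample rows are constructed.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample rows: (time, clientIP, action, path). Not real traffic.
ROWS = [
    ("10:00:01", "203.0.113.7", "block", "/wp-login.php"),
    ("10:00:20", "203.0.113.7", "block", "/wp-login.php"),
    ("10:01:05", "203.0.113.7", "challenge", "/xmlrpc.php"),
    ("10:02:30", "203.0.113.7", "block", "/wp-login.php"),
    ("10:00:00", "198.51.100.23", "challenge", "/search"),
    ("10:20:00", "198.51.100.23", "challenge", "/search"),
    ("10:45:00", "198.51.100.23", "challenge", "/search"),
    ("10:03:00", "192.0.2.50", "allow", "/"),
    ("10:03:10", "192.0.2.50", "log", "/admin"),
]
# Assumed export shape: a JSON list of objects with these four field names.
SAMPLE_EXPORT = json.dumps([
    {"datetime": f"2023-05-30T{t}Z", "clientIP": ip, "action": a,
     "clientRequestPath": p} for t, ip, a, p in ROWS
])
MITIGATED = {"block", "challenge"}  # actions counted as a stopped threat


def find_repeat_offenders(export_text, threshold=3, window=timedelta(minutes=5)):
    """Return {ip: {"peak": n, "paths": [...]}} for every IP that had at
    least `threshold` mitigated requests inside any sliding `window`."""
    by_ip = defaultdict(list)
    for ev in json.loads(export_text):
        if ev.get("action") in MITIGATED:
            ts = datetime.strptime(ev["datetime"], "%Y-%m-%dT%H:%M:%SZ")
            by_ip[ev["clientIP"]].append((ts, ev["clientRequestPath"]))
    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        peak, start = 0, 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            findings[ip] = {"peak": peak, "paths": sorted({p for _, p in events})}
    return findings


if __name__ == "__main__":
    print(find_repeat_offenders(SAMPLE_EXPORT))
```

Flagged addresses are candidates for a custom Firewall Rule; slow, spread-out activity such as the second sample IP only appears when the window is widened.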

Best Practices for Website Security

In addition to using Cloudflare’s security features, there are some best practices you should follow to keep your website secure:

- Keep Your Software Up-to-Date: Outdated software can leave your website vulnerable to attacks. You should regularly update your web server software, your CMS software (WordPress/Joomla/Drupal/Magento/etc.), your plugins/extensions/themes/modules/etc., and any other software components used by your website.

- Regularly Back up Your Website Data: Regularly backing up your website data can help you recover from any security incidents quickly and easily. You should back up both your files (HTML/CSS/JS/images/videos/etc.) and your database (MySQL/PostgreSQL/MongoDB/etc.) regularly. You should also store your backups in a secure location (such as an external hard drive or a cloud storage service) that is separate from your web server.

- Use Strong Passwords: Weak passwords can be easily guessed or cracked by hackers. You should use strong passwords for all accounts related to your website (such as web hosting account/CMS admin account/database user account/etc.). A strong password should be at least 8 characters long, contain a mix of uppercase/lowercase letters/numbers/symbols, and not be based on any personal information or common words/phrases. You should also change your passwords regularly and not reuse them for different accounts/services.

- Use Two-Factor Authentication: Two-factor authentication adds an extra layer of security to your accounts by requiring a second factor (such as a code sent via SMS/email/app/call) in addition to your password when logging in. You should enable two-factor authentication for all accounts related to your website (such as web hosting account/CMS admin account/database user account/etc.) if possible. You should also use two-factor authentication for any other online accounts/services that support it (such as email/social media/banking/etc.).

- Limit User Access: You should limit user access to only those who need it for specific tasks/functions related to your website (such as web developers/content editors/customer support/etc.). You should assign appropriate roles/permissions to each user based on their responsibilities/functions, and revoke them when they are no longer needed. You should also monitor user activity/logs regularly and look for any suspicious/unauthorized actions.

Conclusion: Keeping Your Website Safe and Secure with Cloudflare

Your website’s security is not a one-time task, but a continuous effort. You can enhance it by using Cloudflare’s security features (SSL, Firewall, and analytics) and by following best practices for website security, such as keeping software up-to-date, backing up data, and using strong passwords. By doing so, you can protect both yourself and your users from cyberattacks, data breaches, malware infections, and other threats that can harm both parties.

I hope this article has helped you understand how to secure your website with Cloudflare SSL, Firewall, analytics, and best practices, and I wish you all the best in keeping your website safe and secure!

If you want to dive deeper into this topic, I invite you to read my LinkedIn Pulse article where I share some more details and tips. You can find it here:

Thank you for reading!

Soumyadeep Mandal
