New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Anyone able to use Cloudflare with BuyVM's DDOS protected IP?
Hi,
BuyVM has told me that Cloudflare is incompatible with Voxility's filtering. Are there any configuration I can do to my server that would make Cloudflare and Voxility play nicely?
If it's really impossible, should I use Cloudflare with my regular IP, or drop Cloudflare and use the DDOS protected IP?
Ideally I'd like to use both though.
I'm running a cPanel server with Apache 2.4 + Nginx reverse proxy in front of it.
Comments
Why will you use cloudflare when you have voxility? Cloudflare is a crap.
Last year i faced this weird issue when Google spider wasn't able to crawl one of my site when Voxility layer 7 was enable in combination with cloudflare and i only came to know about this when Google had removed half of my site pages already. A tip never use both of them together!
Just interested in the free CDN + ssl cert + WAF and caching. Also for hiding the main IP (I know it's possible to figure it out but it's just another layer).
I'm not even able to get them both to work. I have disabled Voxility's layer 7 and still get "Error 1000 - DNS points to prohibited IP" when I enable Cloudflare.
Did you have Cloudflare's firewall set to the high preset?
That SSL cert does not prevent MITM between Cloudflare->original source. Also getting the IP of a Cloudflare protected domain is so easy, it's basically not even another layer.
Just curious, how is it that easy if you have a new server or new domain immediately using Cloudflare while only accepting cloudflare traffic?
Voxility whitelists cloudflare's IP's so it evades the L7 protection.
Past that there's no blocks in place.
We obviously don't recommend people do that combination as it causes more problems than not, but if you PM me a ticket or IP or something I can look further into it.
Francisco
That's ok. I run an nginx proxy in front of apache (https://github.com/engintron/engintron). Do I have to make any changes to my nginx server to use Voxility's filtering?
You'll want to, yes, otherwise you won't get the users correct IP address
You can check out http://wiki.buyvm.net/doku.php/ddos for the copy/pasta.
Francisco
If you are going to use CF with Voxility i'd recommend taking extra precautions to stop l7 attacks such as using captchas on login pages etc that are uncacheable. In addition you could also apply captchas to countries like china and russia (And set the challenge pass to let them through for like a week)
This is actually misleading. If he runs his own server he could block all noncloudflare ranges upstream on 80/443 Which is what cloudflare tells you to do anyway.
Voxility filtering is more easily bypassed than cloudflare. I've run uptimerobot on voxility and they couldn't even meet their OWN SLA because people test their site for l7/l4 attacks
Cloudflare protection gives me headaches even with pfSense and Snort. The sites tend to run slower than usual with CF protection on.
But if you disable that, it works normal
Why would you use reverse proxy on top of reverse proxy..
Use either one or the other for L7
It works fine for me, i have Cloudflare pointing to a BuyVM DDOS protected IP which has an NGINX reverse proxy to the real server.
Double condoms
Double condoms,hah.
Stop using Crapfail