HowTo Setup CloudFlare

The motivation to install CloudFlare for the domains I operate, quite simply was a brute-force attack on one these domains. Some unknown script kiddie tried to guess the admin password of my wordpress installation. CloudFlare splash

While its a bit unfortunate that WordPress itself does not provide a simple counter measure, such as increasing delays after failed logins attempts, a google search brought me more or less directly to CloudFlare.com. The have a free plan, which provides basic security and performance optimizations for any number of sites. While the later was not the goal, it´s of course a nice side effect. What you need for this setup

  • About 10 minutes of your time
  • Patience until the configuration becomes active
  • The account details allowing you to change your domain settings with your registrar.

The service has to be configured at DNS level. Basically you will need to replace your current DNS servers with the ones owned by CloudFlare. The steps are relatively straight forward, assuming you already have setup your current domain yourself.

  1. Open an Account at CloudFlare.com
  2. Add the domain (or a list of domains if you wish so)
  3. Wait a bit (around 30 seconds to 1 minute) until CloudFlare has imported your current DNS settings from your current provider. This really is a big time saver!
  4. Verify the DNS settings against your current settings. See hint below, if you are using dynamic addresses for your web site.
  5. Once all is correct, confirm the settings.
  6. Follow the instructions to change the DNS servers on your domain (you have to change them with your registrar, not at the CloudFlare account).
  7. Wait a few hours until all DNS servers have received the new information.

Once switched, you should see traffic from CloudFlare servers instead from users directly. Starting from this point on, changes in the administration console of CloudFlare start to take effect immediately. Use their online help if options are unclear, they did an excellent job in describing the options quite well.

Hint for using dynamic Addresses

While its illegal on DNS level to specify a CNAME record (alias) for your top-level domain, e.g. pointing example.com to a dynamically updated address, you can do so with CloudFlare. They will dynamically replace this with an A record (address) when the name is resolved.

  • Delete the address record for your top-level domain
  • Add a CNAME record for example.com and put a the name of your dynamic DNS host in the value field, e.g. myhost.dynprovider.org.
  • Keep the configuration to update your dynamic host as-is.
  • You can use any service for the dynamic name resolutions. As the users of your domain will never see that hostname, it can be a freeware service with a lengthy name.