403 Text String

Posted on by

If my site gets attacked, it could serve up a lot of 403-Forbidden error pages, which would use a lot of resources, slowing my site or even bringing it down. For 404-Not Found errors, I want to serve a friendly helpful page that fits in with the look and feel of my site. Legitimate visitors should rarely if ever encounter a 403-Forbidden error though, so I prefer to politely limit resource use to the extent practical.  My solution is a custom 403 text string, using the following line at the beginning of my .htaccess file:

ErrorDocument 403 "403: Sorry, not permitted."

Read more 403 Text String

Cloudflare page rules for login security

Posted on by

Cloudflare page rules deserve to be much more widely known and used as a highly effective component of a layered brute force login defense. The Cloudflare free tier gives me three page rules, which is enough – just barely – for both login security and blazing site speed. Login security takes up two of the three rules, but does double duty by also bypassing the Cloudflare cache for the admin area. My Cloudflare page rules for login security block bad bots at the Cloudflare level, so they never even get to my site’s server, login screen, or admin area. A storm of brute force login bots – even if unsuccessful at logging in – could slow my site or bring down my site by tying up resources. These rules move all that resource burden off my site and onto Cloudflare.

Read more Cloudflare page rules for login security