CloudFlare announced the introduction of firewall rules on October 3, 2018. Surprisingly, five firewall rules are even provided on the free plan. By comparison the Pro plan provides 20 firewall rules. Unlike Page Rules, additional firewall rules can *not* be purchased. I get five, that’s it. Pretty generous of CF, I think, seeing as I use only the free tier.
Comprehensive Web Application Firewall (WAF) rule sets had long been available, but only on paid plans. Free plan users were previously limited to using the IP firewall.
CF provides two ways to enter a firewall rule, an easy Visual Editor and a more advanced Expression Editor. I’ll stick with the easy one. The Visual Editor includes blocks for:
- Actions, which indicate how to respond to a matched rule; and
- Fields and expressions, which define the criteria for flagging incoming requests.
So, what good are firewall rules? They are really flexible, and can be used for many things. CF provides several examples. Importantly for me, I can use firewall rules to secure my login and contact pages and my admin folder, freeing up my three precious Page Rules that I can now use for something else. Firewall rules, unlike Page Rules, even allow for a recaptcha. Example:
The result, when anyone accesses my Contact Kenny page on that site, looks … well, kinda shitty and really scary, with a big scary orange warning thingy next to the recaptcha …
Further down is text advising to “run an anti-virus scan on your device to make sure it is not infected with malware.” I’m guessing that CloudFlare re-used a recaptcha page intended for much more dire circumstances, not a routine anti-spam firewall rule.
Aesthetics aside though, it does the job. It blocks bad spam bots at the reverse proxy – they never even get to my server much less onto my site. The good people at CloudFlare will undoubtedly improve the appearance over time. I hope.
WPPOV supports freedom from Net Neutrality and the GDPR. The Internet of the people, by the people, for the people, shall not perish from the Earth.