Coming Soon: CloudFlare as a Registrar

For awhile now, CloudFlare has been quietly advertising “coming-soon” no-added-fees registrar services for CloudFlare customers – even those like me on the free tier. According to the sales pitch, CF will charge exactly $0 for this service, adding no fee at all to the Wholesale Registry fee (currently $7.85 for dot com) + the $0.18 ICANN fee. So, CF will register a dot com domain for the bargain annual cost of $8.03.

 

Read more Coming Soon: CloudFlare as a Registrar

Allowing only CloudFlare traffic

No piratesIn other posts I give my point of view on the security advantages of using CloudFlare. But what’s to stop a bad guy, gal, or bot from accessing my site directly by IP address? I can try to keep my IP address secret, but a determined hacker will find it without too much trouble. He or she or his/her robot minions could then avoid CloudFlare security by attacking my site directly – unless I take explicit measures by allowing only CloudFlare traffic.

Read more Allowing only CloudFlare traffic

Web Cache Deception Hacks

Web Cache Deception Hacks

Web cache deception hacks are a fairly recent threat, first described by Omer Gil in February 2017. In certain situations a hacker could leverage a misconfiguration between a web server and a proxy cache like CloudFlare to reveal sensitive information that could help the hacker takeover my account. To be honest, this seems like a very unlikely threat. The situations that could cause it seem complex and obscure, and large scale attacks of this sort have not been observed in the wild.

Read more Web Cache Deception Hacks

CloudFlare Speed Settings

miscellaneous CloudFlare speed settingsIn another post I cover a CloudFlare page rule for blazing site speed. This post discusses miscellaneous CloudFlare speed settings. CloudFlare, even at the free tier, offers a plethora of speed and security settings that seem daunting at first. Most of them work fine using the default setting, and I can adjust settings at my own pace as I am able to make time to learn and optimize.

Read more CloudFlare Speed Settings

CloudFlare Security Settings

miscellaneous CloudFlare security settingsIn another post I cover CloudFlare page rules for login security. This post discusses miscellaneous CloudFlare security settings. CloudFlare, even at the free tier, offers a plethora of speed and security settings that seem daunting at first. Most of them work fine using the default setting, and I can adjust settings at my own pace as I am able to make time to learn and optimize.

Read more CloudFlare Security Settings

Caching Plugin

LiteSpeed cache logoI chose my web host carefully. My sites are hosted on a LiteSpeed web server, so I am able to use the remarkable free LiteSpeed Cache (LSC) plugin. LSC provides much more than just lightning-fast server-side caching. In also includes a suite of optimization tools such as: Database optimization; Image optimization – which seems to be equal to or better than the paid/premium versions of competing plugins; Connection to CloudFlare so I can put CF in development mode or purge the CF cache; and Miscellaneous settings like ‘Remove query strings from static resources’.

Using my two favorite website speed checkers, WebPageTest.org and GiftOfSpeed.com

Read more Caching Plugin