Skip to main content

CDN Integration - Depricated

warning

Use the ProxyFilter module instead. It is much more flexible and effective.

A content delivery network or content distribution network (CDN) is a globally distributed network of proxy servers deployed in multiple data centers. The goal of a CDN is to serve content to end-users with high availability and high performance. CDNs serve a large fraction of the static Internet content today, including web objects (text, graphics and scripts), downloadable objects (media files, software, documents), applications (e-commerce, portals), live streaming media, on-demand streaming media, and social networks. Dynamic content is requested by the CDN provider from the original server. The most popular CDN provider IPs (e.g.: CloudFlare, InCapsula) are globally allow listed on BitNinja protected servers in order to not disrupt their services.

For the time being, BitNinja can be integrated with CloudFlare (more providers will be supported if requested). If a visitor (or attacker) tries to reach your site, they first connect to CloudFlare. If they pass CloudFlare's security checking they will be redirected to your site through CloudFlare. See more information about how CloudFlare works: https://support.cloudflare.com/hc/en-us/articles/205177068-Step-1-How-does-Cloudflare-work-

Because CloudFlare's IPs are globally allow listed, BitNinja will not block their activity even if they are attacking your server. Visitors' real IP can be reached through the "CF-Connecting-IP: 1.2.3.4" HTTP Header or if you install mod_cloudflare. See more info: https://www.cloudflare.com/technical-resources/#mod_cloudflare If BitNinja detects something nasty, it cannot block it until you activate the CloudFlare integration on your Dashboard Settings > Integration.

To add the integration, click on + Add new. You can choose the CDN provider. You have to add your API email which you use to login to your CDN provider dashboard, and your Global API Key. It can be found at: https://www.cloudflare.com/a/account/my-account .
Unfortunately, only the Global API Key can be used to access CloudFlares firewall settings.

After this if you add or remove IPs from your block, allow, or challenge list, this information will be sent to CloudFlare as well. These newly added firewall rules has the default comment: "This rule is because of BitNinja" and Actions converted to Block, allow list, CAPTCHA on CloudFlare.