Distributed Denial-of-Service (DDoS) attacks are one of the most common and dangerous threats to any online service. A DDoS attack involves overwhelming a server with a massive amount of traffic, making it unavailable for legitimate users. Fortunately, by integrating Cloudflare with your AnonVM VPS, you can effectively protect your server from DDoS attacks. This guide will walk you through the process of setting up Cloudflare to protect your VPS, ensuring both performance and security.
Why Use AnonVM for DDoS Protection?
- Offshore Hosting: AnonVM's offshore hosting services provide additional protection from region-specific attack mitigation strategies.
- Scalability: AnonVM offers powerful VPS hosting that can be easily scaled to handle increased traffic during attacks.
- Privacy-Focused: AnonVM’s focus on privacy ensures your data is secure, even during an attack.
Prerequisites
- AnonVM VPS with a domain (for Cloudflare integration).
- A Cloudflare account (you can sign up for free).
- Basic knowledge of DNS and web hosting.
Step 1: Set Up a Cloudflare Account
If you don’t already have a Cloudflare account, follow these steps:
- Go to the Cloudflare website and sign up for a free account.
- After signing up, Cloudflare will guide you through the steps of adding a new website.
- Enter your domain name when prompted (e.g., yourdomain.com).
Step 2: Add Your Website to Cloudflare
- Once you’ve entered your domain, Cloudflare will scan and import your DNS records.
- Verify the DNS records are accurate. Cloudflare will automatically detect most common records, including your A records and MX records.
- After the DNS records are imported, click Continue.
Step 3: Update Your Domain’s Nameservers
Cloudflare will provide you with two nameservers (e.g., adam.ns.cloudflare.com and beth.ns.cloudflare.com). To complete the integration, you need to update your domain's nameservers:
- Log in to your domain registrar (the company where you purchased your domain).
- Find the option to update DNS settings or Nameservers.
- Replace the current nameservers with the ones provided by Cloudflare.
- Save your changes.
Note: It may take up to 24 hours for DNS changes to propagate across the internet, but Cloudflare will notify you when the changes are complete.
Step 4: Enable Cloudflare Protection for Your VPS
Once your nameservers have been updated, Cloudflare will start handling your traffic and providing security protection for your AnonVM VPS.
- Log in to Cloudflare and go to your dashboard.
- Click on DNS and ensure that the orange cloud icon is enabled for your A record (the one pointing to your VPS IP). This means traffic will pass through Cloudflare's network.
  - The orange cloud represents that Cloudflare protection is active.
  - The grey cloud means traffic will bypass Cloudflare and go directly to your server.
Cloudflare will now begin filtering incoming traffic to your website, blocking malicious DDoS attacks before they reach your VPS.
Step 5: Enable DDoS Protection Features on Cloudflare
Cloudflare offers multiple layers of security to mitigate DDoS attacks. To activate these features, follow these steps:
Enable “Under Attack” Mode
Under Attack mode enables extra protections and challenges visitors with a JavaScript challenge page before granting access. This can be effective against smaller-scale DDoS attacks.
- Log in to your Cloudflare account and go to the Firewall tab.
- Under Security Level, select I'm Under Attack.
- This activates a security page that verifies visitors are legitimate before they can access your site.
Activate Web Application Firewall (WAF)
Cloudflare’s WAF (Web Application Firewall) provides protection against various threats, including DDoS attacks, SQL injections, cross-site scripting (XSS), and more.
- In the Cloudflare dashboard, navigate to the Firewall tab.
- Under Settings, make sure that the WAF is enabled.
- You can also enable the OWASP ModSecurity Core Rule Set for advanced protection.
Enable Rate Limiting
Rate limiting prevents a single user from making too many requests in a short period, reducing the impact of DDoS attacks that rely on overwhelming the server with requests.
- In your Cloudflare dashboard, go to Firewall > Tools.
- Set up Rate Limiting rules to limit requests from a single IP.
For example, you can set a rule to allow only 100 requests per minute for an IP address. If an IP exceeds this limit, it will be temporarily blocked.
Step 6: Monitor Traffic and Attack Logs
Cloudflare provides detailed analytics and attack logs, which can help you track any malicious activity targeting your VPS.
- In the Cloudflare dashboard, go to Analytics.
- Here you can monitor:
  - Requests: See how much traffic is coming to your server.
  - Threats: View blocked attacks and malicious requests.
  - Firewall Events: View detailed logs of security actions, such as blocked DDoS attacks or rate-limited requests.
Step 7: Optimize Cloudflare Settings for Performance
In addition to protecting your VPS from DDoS attacks, Cloudflare can also improve your website's performance by caching static content and reducing latency.
- Enable CDN (Content Delivery Network):
  - Cloudflare caches static assets such as images, JavaScript, and CSS, which reduces the load on your VPS.
  - Ensure your DNS record for the website is proxied (orange cloud) to enable this feature.
- Optimize Caching:
  - Go to Caching > Configuration in the Cloudflare dashboard.
  - Set Cache Level to Aggressive to cache more content and reduce load on your VPS.
- Use HTTP/2 or HTTP/3:
  - In the Network settings of Cloudflare, enable HTTP/2 or HTTP/3 for faster page loading times.
Step 8: Configure Firewall Rules on Your VPS
While Cloudflare protects you from external DDoS attacks, it's also important to configure your VPS firewall to block unwanted traffic.
- Log in to your VPS and configure UFW (Uncomplicated Firewall) to block direct traffic:
- Ensure that only Cloudflare IP ranges are allowed to access your VPS directly. Cloudflare publishes its current IP ranges at https://www.cloudflare.com/ips/. Use iptables or ufw to block all incoming traffic except from these IPs.
Example of iptables command to allow only Cloudflare IPs:
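One way to build those rules, as an added example that is not part of the original guide: the script prints (it does not run) iptables and ip6tables commands that admit only the listed source ranges to TCP 80 and 443, leaving SSH and other ports untouched, and it refuses the whole list if any entry is malformed. The chain name CF_WEB, the function name cf_rules and the sample ranges (documentation prefixes standing in for the list Cloudflare publishes at https://www.cloudflare.com/ips/) are assumptions.

```shell
#!/bin/sh
# Generates (does not execute) firewall commands that let only the given
# CIDRs reach TCP 80/443. Review the output, then run it as root.

# Constructed sample input: RFC 5737 / RFC 3849 documentation ranges used as
# placeholders. Replace with the current list downloaded from Cloudflare.
SAMPLE_RANGES='192.0.2.0/24
198.51.100.0/24
2001:db8::/32'

# Syntactic checks only (shape of the CIDR, prefix length in range).
V4_RE='^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
V6_RE='^[0-9A-Fa-f:]+:[0-9A-Fa-f:]*/([0-9]|[1-9][0-9]|1[01][0-9]|12[0-8])$'

# cf_rules: read one CIDR per line on stdin, print commands on stdout.
# Nothing is printed and 1 is returned if any line is not a well-formed
# CIDR, so a corrupted or tampered list never turns into firewall commands.
cf_rules() {
    v4='' v6=''
    while IFS= read -r cidr; do
        [ -z "$cidr" ] && continue
        if printf '%s\n' "$cidr" | grep -Eq "$V4_RE"; then
            v4="$v4 $cidr"
        elif printf '%s\n' "$cidr" | grep -Eq "$V6_RE"; then
            v6="$v6 $cidr"
        else
            echo "rejecting malformed entry: $cidr" >&2
            return 1
        fi
    done
    for fam in iptables ip6tables; do
        if [ "$fam" = iptables ]; then list=$v4; else list=$v6; fi
        # Dedicated chain (hypothetical name): create it, or flush it on re-run.
        echo "$fam -N CF_WEB 2>/dev/null || $fam -F CF_WEB"
        for cidr in $list; do
            echo "$fam -A CF_WEB -s $cidr -j ACCEPT"
        done
        echo "$fam -A CF_WEB -j DROP"
        # Insert the jump at the top of INPUT once, ahead of broader ACCEPTs.
        echo "$fam -C INPUT -p tcp -m multiport --dports 80,443 -j CF_WEB 2>/dev/null || $fam -I INPUT -p tcp -m multiport --dports 80,443 -j CF_WEB"
    done
}

printf '%s\n' "$SAMPLE_RANGES" | cf_rules
```

Because the generated rules only cover ports 80 and 443, applying them does not cut off your SSH session. Re-run the script whenever Cloudflare updates its published ranges.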
Step 9: Test Your Setup
After setting up Cloudflare and configuring your VPS, it's essential to test your protection.
- Simulate a DDoS attack (without affecting your service) using testing tools like LOIC or Hping3.
- Monitor Cloudflare logs to see how well the protection is working.
- Test website availability by accessing your website from various devices or tools like GTMetrix or Pingdom to check the server’s response time.
Conclusion
By integrating Cloudflare with your AnonVM VPS, you can effectively protect your server from DDoS attacks while also enhancing performance. Cloudflare’s advanced security features, such as DDoS protection, rate limiting, and WAF, will significantly reduce the risk of downtime caused by malicious traffic. Moreover, the added benefits of content caching and global CDN ensure that your site runs fast, even during high-traffic periods.
By following the steps outlined in this guide, you can achieve a robust security setup for your VPS, ensuring both performance and protection against DDoS threats.