Mastodon

Get started with CloudFlare security on Pluralsight

You may not realise this, but you use CloudFlare. You probably use it every day and you do so without even realising it. You reap numerous benefits from it as well but they’re seamless – it just makes your browsing experience better. By better I mean faster and most importantly in the context of this blog post and my latest Pluralsight course, more secure. Unless you’re an attacker in which case this may happen:

The CloudFlare Model

You may have actually seen CloudFlare now and again without actually quite realising what it was. For example, you may have seen this:

A CloudFlare challenge in the Tor browser

This is CloudFlare challenging me because I’ve loaded a site they protect with the Tor browser and they’re not entirely confident the request isn’t malicious. What’s less obvious is the technology doing this is also protecting the site from malicious activity such as often seen via botnets or manifests itself as DDoS attacks.

The reason you’re using CloudFlare is because, well, pretty much everyone is. Their service is approaching 2 billion unique users each month looking at more than 400 billion pages and making 5 trillion (yes – with a “t”) requests each and every month. Oh – and it’s growing at 450% each year. This is why you’re using CloudFlare – because everyone is.

But let’s turn this around and focus on “you” as someone building or running websites as opposed to just browsing them. Why do you want CloudFlare? Well beyond the benefits mentioned above in terms of challenging suspicious traffic (that’s configurable, by the way), you get things like free SSL. This is a big thing at a time where SSL is still considered a premium service. In fact I wrote about this recently in How to get your SSL for free on a Shared Azure website with CloudFlare where I showed how to pay Microsoft only about 1/6th of what you otherwise would for a website with SSL by using their shared offering with CloudFlare rather than paying for a dedicated offering. (Incidentally, the comments on that post are a worthwhile read about what is and is not SSL protected.)

There’s a whole lot more you get form CloudFlare too but here’s the best bit – you get these things for free. And it only takes 5 minutes to setup. And there’s now a Pluralsight course on how to do it:

CloudFlare™ provides a free service to encapsulate an existing website and route traffic through their infrastructure. This allows them to apply numerous defensive measures to help secure the site from a range of online risks. In this course, we'll go through the process of setting up a site in CloudFlare™, assessing the security profile, then strengthening the configuration to maximize the value of the additional defenses.

I wanted to create the course because I love the CloudFlare service. It’s one of those ones where when you first use it you just go “Wow, that is ridiculously cool and unbelievably simple”. The course had to be succinct though – creating a long course about something that’s a 5 minute setup process wouldn’t make much sense! So I created a 1 hour 38 minute course about not just how to provision the service (that genuinely is only 5 minutes), but also how to configure it as securely as possible and most importantly, how the security measures actually work. “Security in a box” is cool for a certain audience, but in my view if you’re building web assets professionally then you genuinely want to understand how it actually works!

I loved creating this course because it was just so enjoyable to write. I’m really happy with how it’s panned out and I really hope you enjoy watching it. Getting Started with CloudFlare™ Security is now live – enjoy!

Pluralsight
Tweet Post Update Email RSS

Hi, I'm Troy Hunt, I write this blog, create courses for Pluralsight and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals