Łukasz Klimek : www.softinn.eu
PLAN
1. Introduction
2. Cloudflare basics
3. Performance
4. Security
5. Show me the results!
6. Cloudflare and Drupal
7. Questions / discussion
DRUPAL HOSTING NEEDS
• Shared hosting
• Cloud / dedicated server
• Complex infrastructure
THE PROBLEM
• Spam bots
  • Comments
  • User registrations
• Worms, viruses, trojans
• Traffic peaks
  • Event websites
FIGHTING SPAM
• Captcha-style (Captcha / reCAPTCHA)
  • Already cracked. By Google themselves ;-)
• Mollom
  • captcha
  • text analysis
  • user reputation
  • …
PERFORMANCE ISSUES
We still process our PHP scripts!
• Huge CPU utilization
• Memory consumption
• DoS in case of multiple concurrent connections
INCREASING PERFORMANCE
• APC
• memcache
• boost
• …
• Minimize number of requests
• Combine & minify CSS / JS
• Website code refactoring
NOT ENOUGH?
• Separate DB server
• Separate host for static content
• Reverse proxy (Varnish)
SO WE GET…
ADDING REDUNDANCY
LOOKS COMPLEX?
And that’s just the beginning
• No development/staging servers
• No shared storage between servers
• No backups
• No monitoring
• No Internet connection redundancy
• Issues with bandwidth consumption
• …
LET’S SUMMARIZE THE NEEDS
• 99.9% uptime
• Defend against bots & spam
• Handle traffic peaks
• Decrease server load
• Minimize bandwidth usage
• Minify CSS and JS
WHAT IS CLOUDFLARE?
• Content Delivery Network (CDN)
• Web Application Firewall
• Code optimizer
• Traffic statistics
• Application platform
WHAT IS CLOUDFLARE? (2)
CLOUDFLARE NETWORK
CLOUDFLARE AS A CDN
• Works like "reverse proxy"
• Caching of static files
• Caching of dynamic (generated) pages for anonymous users
• No bandwidth limits / fees
PERFORMANCE SETTINGS
• Caching level:
  • Aggressive: http://softinn.eu/pic.jpg?with=query
  • Simplified: http://softinn.eu/pic.jpg?ignore=this-query-string
  • Basic: http://softinn.eu/pic.jpg
RULES
• Ability to customize performance & security settings based on URLs
• Up to 3 rules in Free plan, 20 in Pro plan
• IMO the most important tool in Cloudflare
CODE OPTIMIZATIONS
Auto Minify - remove unnecessary characters
• JS
• CSS
• HTML
Rocket Loader
• Loads JS asynchronously (after window.onload)
• Can have some side-effects
Website Preloader
• Detects most often used static resources
• Fetches these resources to browser’s cache
ROCKET LOADER
IMAGES
Mirage 2
• Asynchronous image loading
• All images in a single request
Polish - image optimization
• Lossless
  • Remove metadata
  • Average reduction of size: about 21%
• Lossy
  • Additional lossy compression
  • Average reduction of size: 48%
MIRAGE 2.0
SECURITY OPTIONS
E-mail address obfuscation
Server side exclude (SSE)
Browser integrity check – HTTP headers inspection (incl. User-agent)
Visitor reputation
Hotlink protection
• HTTP Referers that are not in-zone and not blank will be denied access
• Hotlink-ok mechanism (e.g. http://softinn.eu/hotlink-ok/img.gif)
SSL support
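The hotlink rule on the Security Options slide (deny a Referer that is neither blank nor in-zone, with a hotlink-ok path as the opt-out), modelled as an added Python example. This is not Cloudflare's code; the function names are hypothetical, and treating subdomains of the zone as in-zone is an assumption.

```python
from urllib.parse import urlsplit

ZONE = "softinn.eu"            # zone name taken from the slide's example URLs
BYPASS_PREFIX = "/hotlink-ok/"  # opt-out path shown on the slide


def in_zone(host, zone=ZONE):
    """True when host is the zone itself or a subdomain of it (assumption)."""
    host = (host or "").lower().rstrip(".")
    # Compare on a label boundary: a plain suffix test would also accept
    # "notsoftinn.eu", and a substring test would accept "softinn.eu.example.net".
    return host == zone or host.endswith("." + zone)


def hotlink_decision(request_url, referer, zone=ZONE):
    """Return (allowed, reason) for one request, following the slide's rule."""
    path = urlsplit(request_url).path
    if path.startswith(BYPASS_PREFIX):
        return True, "hotlink-ok path"
    if not referer:
        return True, "blank referer"
    ref_host = urlsplit(referer).hostname  # None when the value is not a URL
    if in_zone(ref_host, zone):
        return True, "in-zone referer"
    return False, "referer not in-zone and not blank"


# Constructed sample requests: (requested URL, Referer header value).
SAMPLES = [
    ("http://softinn.eu/pic.jpg", ""),
    ("http://softinn.eu/pic.jpg", "http://www.softinn.eu/page"),
    ("http://softinn.eu/pic.jpg", "http://forum.example/thread/1"),
    ("http://softinn.eu/pic.jpg", "http://softinn.eu.example.net/"),
    ("http://softinn.eu/pic.jpg", "http://notsoftinn.eu/"),
    ("http://softinn.eu/hotlink-ok/img.gif", "http://forum.example/thread/1"),
]

if __name__ == "__main__":
    for url, ref in SAMPLES:
        allowed, reason = hotlink_decision(url, ref)
        print(f"{'ALLOW' if allowed else 'DENY ':5} {url}  referer={ref!r}  ({reason})")
```

The Referer header is supplied by the client, so a rule like this limits casual embedding and bandwidth use; it is not an access control for the files themselves.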
THREAT CONTROL
SUSPICIOUS VISITORS
Captcha
Ability to blacklist / whitelist IPs
• Drupal module: Cloudflare
WEB APPLICATION FIREWALL
Set of security rules to address most common threats
• OWASP TOP 10
• Cloudflare-designed: PHP, WHMCS, Joomla, WordPress, …
• No Drupal-specific rules
ALWAYS ONLINE
• Limited version of your site is always online
• Only the most popular pages
• No POST and SSL support
• Crawler-based - crawling every 7, 3 or 1 day
• Triggers:
  • HTTP status 502 or 504
  • Connection timeout, SSL errors etc.
EXAMPLE STATISTICS
NOT A SILVER BULLET
• Logged-in users
• Cache invalidation
• Performance of non-cached pages
CACHE INVALIDATION
There are only two hard things in Computer Science: cache invalidation and naming things.
-- Phil Karlton (after http://martinfowler.com/bliki/TwoHardThings.html)
1. Cloudflare stores a copy of a page in the cache
2. User changes this page
3. How can Cloudflare know that the page has changed?
DOES IT SOLVE OUR NEEDS?
• 99.9% uptime
• Defend against bots & spam
• Handle traffic peaks
• Decrease server load
• Minimize bandwidth usage
• Minify CSS and JS
PREPARING TO DEPLOY CLOUDFLARE
1. Cache expiration policy
2. Plan your URLs / pathauto config
   http://www.site.com/can-cache/...
3. Views expiration settings (Views Content Cache?)
4. Apache configuration (proper expiration of static content)
CACHE INVALIDATION: EXPIRE + CFPURGE
1. Expire monitors content updates
2. Expire invokes hook_expire_cache() (cfpurge_expire_cache())
3. Cloudflare API: zone_file_purge
• https://drupal.org/project/expire
• https://drupal.org/project/cfpurge
• Define "Cache everything" rule on Cloudflare
• CFPurge still needs some work; only 16 installs
• Lack of Views integration
CLOUDFLARE + DRUPAL: QUICK START
Review Cloudflare performance settings (Auto Minify, Caching Level, Mirage, Polish, …)
Review Cloudflare security settings (obfuscation, hotlink protection, …)
Whitelist important IP addresses (monitoring, APIs, …)
Create Cloudflare Rules (/admin/*, /user/*, …)
Handle remote (client) IP address correctly
Install & configure modules (cloudflare, CFPurge, expire)
Change DNS delegation
Create Cloudflare account
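For the quick-start item "Handle remote (client) IP address correctly": behind a reverse proxy the origin sees the proxy as the TCP peer, so logs, bans and rate limits need the forwarded visitor address, and that header can only be trusted when the peer really is the proxy. An added Python sketch of that check, not code from the talk or from the Drupal cloudflare module; the function names are hypothetical and the proxy ranges are documentation-space placeholders.

```python
import ipaddress

# Placeholder edge ranges (documentation address space), constructed for this
# example. In production, load the proxy provider's published ranges instead.
TRUSTED_PROXY_NETS = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("2001:db8:cf::/48"),
]

# Header Cloudflare uses to pass the visitor address to the origin.
CLIENT_IP_HEADER = "cf-connecting-ip"


def peer_is_trusted_proxy(peer_addr, trusted_nets=TRUSTED_PROXY_NETS):
    """True when the TCP peer address belongs to one of the proxy ranges."""
    peer = ipaddress.ip_address(peer_addr)
    return any(peer in net for net in trusted_nets)


def resolve_client_ip(peer_addr, headers, trusted_nets=TRUSTED_PROXY_NETS):
    """Return the address the application should log, rate-limit and ban on."""
    if not peer_is_trusted_proxy(peer_addr, trusted_nets):
        # Direct connection to the origin: the header is whatever the client
        # chose to send, so it is ignored and the peer address is used.
        return peer_addr
    normalized = {name.lower(): value for name, value in headers.items()}
    claimed = normalized.get(CLIENT_IP_HEADER, "").strip()
    try:
        # Parse and re-serialize so only a well-formed address is accepted.
        return str(ipaddress.ip_address(claimed))
    except ValueError:
        # Missing or malformed header: fall back to the peer address.
        return peer_addr


# Constructed sample requests: (TCP peer address, request headers).
SAMPLE_REQUESTS = [
    ("203.0.113.10", {"CF-Connecting-IP": "198.51.100.7"}),      # via proxy
    ("192.0.2.55", {"CF-Connecting-IP": "198.51.100.7"}),        # direct, header not trusted
    ("203.0.113.10", {"CF-Connecting-IP": "not-an-ip"}),         # via proxy, junk header
    ("2001:db8:cf::1", {"cf-connecting-ip": "2001:db8::beef"}),  # via proxy, IPv6
]


def resolve_all(requests=SAMPLE_REQUESTS):
    """Resolve every sample request; returns the list of effective client IPs."""
    return [resolve_client_ip(peer, hdrs) for peer, hdrs in requests]


if __name__ == "__main__":
    for (peer, _), ip in zip(SAMPLE_REQUESTS, resolve_all()):
        print(f"peer={peer:<16} client={ip}")
```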
DNS CONFIGURATION
TO DO – TASKS FOR COMMUNITY
• 502 / 504 on errors (compatibility with Cloudflare Always Online) https://drupal.org/node/2268487
• Views expiration
  • Expire all views that use CT https://drupal.org/node/2146797 (won’t fix)
  • Integrate Expire with Views Content Cache https://drupal.org/node/1786436 (won’t fix)
• Integrate blacklists with antispam modules (Mollom etc.)
THANK YOU!
Łukasz Klimek
E-mail: Lukasz@softinn.eu
Mobile: +48 66 999 2096
Skype: casatm | Twitter @lklimek
http://tinyurl.com/lklimek
http://goo.gl/2dEgs7
Software Inn
www.softinn.eu

Cloudflare and Drupal - fighting bots and traffic peaks

  • 1. Łukasz Klimek : www.softinn.eu
  • 2. PLAN 1. Introduction 2. Cloudflare basics 3. Performance 4. Security 5. Show me the results! 6. Cloudflare and Drupal 7. Questions / discussion 2
  • 3. 3
  • 4. DRUPAL HOSTING NEEDS Shared hosting Cloud / dedicated server Complex infrastructure 4
  • 5. THE PROBLEM • Spam bots • Comments • User registrations • Worms, viruses, trojans • Traffic peaks • Event websites 5
  • 6. FIGHTING SPAM • Captcha-style (Captcha / reCAPTCHA) • Already cracked. By Google themselves ;-) • Mollom • captcha • text analysis • user reputation • … 6
  • 7. 7
  • 8. PERFORMANCE ISSUES We still process our PHP scripts! • Huge CPU utilization • Memory consumption • DoS in case of multiple concurrent connections 8
  • 9. INCREASING PERFORMANCE • APC • memcache • boost • … • Minimize number of requests • Combine & minify CSS / JS • Website code refactoring 9
  • 10. NOT ENOUGH? • Separate DB server • Separate host for static content • Reverse proxy (Varnish) 10
  • 12. 12
  • 14. LOOKS COMPLEX? And that’s just the beginning :-) • No development/staging servers • No shared storage between servers • No backups • No monitoring • No Internet connection redundancy • Issues with bandwidth consumption • … 14
  • 15. 15
  • 16. LET’S SUMMARIZE THE NEEDS • 99.9% uptime • Defend against bots & spam • Handle traffic peaks • Decrease server load • Minimize bandwidth usage • Minify CSS and JS 16
  • 17. 17
  • 18. 18
  • 19. WHAT IS CLOUDFLARE? • Content Delivery Network (CDN) • Web Application Firewall • Code optimizer • Traffic statistics • Application platform 19
  • 22. 22
  • 23. CLOUDFLARE AS A CDN • Works like “reverse proxy” • Caching of static files • Caching of dynamic (generated) pages for anonymous users • No bandwidth limits / fees 23
  • 24. PERFORMANCE SETTINGS • Caching level: • Aggressive: http://softinn.eu/pic.jpg?with=query • Simplified: http://softinn.eu/pic.jpg?ignore=this-query-string • Basic: http://softinn.eu/pic.jpg 24
  • 25. RULES • Ability to customize performance & security settings based on URLs • Up to 3 rules in Free plan, 20 in Pro plan • IMO the most important tool in Cloudflare 25
  • 26. CODE OPTIMIZATIONS Auto Minify - remove unnecessary characters • JS • CSS • HTML Rocket Loader • Loads JS asynchronously (after window.onload) • Can have some side-effects Website Preloader • Detects most often used static resources • Fetches these resources to browser’s cache 26
  • 28. IMAGES Mirage 2 • Asynchronous image loading • All images in a single request Polish - image optimization • Lossless • Remove metadata • Average reduction of size: about 21% • Lossy • Additional lossy compression • Average reduction of size: 48% 28
  • 30. 30
  • 31. SECURITY OPTIONS • E-mail address obfuscation • Server side exclude (SSE) • Browser integrity check – HTTP headers inspection (incl. User-agent) • Visitor reputation • Hotlink protection • HTTP Referers that are not in-zone and not blank will be denied access • Hotlink-ok mechanism (e.g. http://softinn.eu/hotlink-ok/img.gif) • SSL support :-) 31
  • 33. SUSPICIOUS VISITORS • Captcha • Ability to blacklist / whitelist IPs • Drupal module: Cloudflare 33
  • 34. WEB APPLICATION FIREWALL Set of security rules to address most common threats • OWASP TOP 10 • Cloudflare-designed: PHP, WHMCS, Joomla, WordPress, … • No Drupal-specific rules :-( 34
  • 35. ALWAYS ONLINE • Limited version of your site is always online • Only the most popular pages • No POST and SSL support • Crawler-based - crawling every 7, 3 or 1 day • Triggers: • HTTP status 502 or 504 • Connection timeout, SSL errors etc. 35
  • 36. 36
  • 38. NOT A SILVER BULLET • Logged-in users • Cache invalidation • Performance of non-cached pages 38
  • 39. CACHE INVALIDATION “There are only two hard things in Computer Science: cache invalidation and naming things.” -- Phil Karlton (after http://martinfowler.com/bliki/TwoHardThings.html) 1. Cloudflare stores a copy of a page in the cache 2. User changes this page 3. How can Cloudflare know that the page has changed? 39
  • 40. DOES IT SOLVE OUR NEEDS? • 99.9% uptime • Defend against bots & spam • Handle traffic peaks • Decrease server load • Minimize bandwidth usage • Minify CSS and JS 40
  • 41. 41
  • 42. PREPARING TO DEPLOY CLOUDFLARE 1. Cache expiration policy 2. Plan your URLs / pathauto config http://www.site.com/can-cache/... 3. Views expiration settings (Views Content Cache?) 4. Apache configuration (proper expiration of static content) 42
  • 43. CACHE INVALIDATION: EXPIRE + CFPURGE • Expire monitors content updates • Expire invokes hook_expire_cache() (cfpurge_expire_cache()) • Cloudflare API: zone_file_purge • https://drupal.org/project/expire • https://drupal.org/project/cfpurge • Define “Cache everything” rule on Cloudflare • CFPurge still needs some work; only 16 installs :-( • Lack of Views integration 43
  • 44. CLOUDFLARE + DRUPAL: QUICK START • Review Cloudflare performance settings (Auto Minify, Caching Level, Mirage, Polish, …) • Review Cloudflare security settings (obfuscation, hotlink protection, …) • Whitelist important IP addresses (monitoring, APIs, …) • Create Cloudflare Rules (/admin/*, /user/*, …) • Handle remote (client) IP address correctly • Install & configure modules (cloudflare, CFPurge, expire) • Change DNS delegation • Create Cloudflare account 44
  • 46. TO DO – TASKS FOR COMMUNITY • 502 / 504 on errors (compatibility with Cloudflare Always Online) https://drupal.org/node/2268487 • Views expiration • Expire all views that use CT https://drupal.org/node/2146797 (won’t fix :-( ) • Integrate Expire with Views Content Cache https://drupal.org/node/1786436 (won’t fix :-( ) • Integrate blacklists with antispam modules (Mollom etc.) 46
  • 47. THANK YOU! 47 Łukasz Klimek E-mail: Lukasz@softinn.eu Mobile: +48 66 999 2096 Skype: casatm | Twitter @lklimek http://tinyurl.com/lklimek http://goo.gl/2dEgs7 Software Inn www.softinn.eu
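
The quick-start step "Handle remote (client) IP address correctly" (slide 44) decides whether IP blacklists, whitelists and antispam reputation at the origin see the visitor or only the proxy. The sketch below is an added example, not code from the slides or from the Drupal Cloudflare module: it shows the origin-side check in Python, assuming Cloudflare's `CF-Connecting-IP` request header. The proxy ranges are constructed placeholders and the function names are hypothetical.

```python
import ipaddress

# Constructed placeholder ranges (documentation address space), standing in
# for the edge ranges Cloudflare publishes; load the real list in production.
TRUSTED_PROXY_NETS = [
    ipaddress.ip_network(n) for n in ("203.0.113.0/24", "2001:db8:cf::/48")
]
CLIENT_IP_HEADER = "CF-Connecting-IP"


def peer_is_trusted_proxy(peer_ip):
    """True when the TCP peer address belongs to a trusted proxy range."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in TRUSTED_PROXY_NETS)


def resolve_client_ip(peer_ip, headers):
    """Return (client_ip, source), source being 'header' or 'peer'."""
    if not peer_is_trusted_proxy(peer_ip):
        # Request reached the origin directly: the header is untrusted
        # input, so the TCP peer is the only address worth recording.
        return peer_ip, "peer"
    claimed = next(
        (v.strip() for k, v in headers.items()
         if k.lower() == CLIENT_IP_HEADER.lower()),
        None,
    )
    if claimed is None:
        return peer_ip, "peer"
    try:
        # Normalise so blacklist/whitelist comparisons see one spelling.
        return str(ipaddress.ip_address(claimed)), "header"
    except ValueError:
        # Malformed value: fall back instead of storing garbage.
        return peer_ip, "peer"


if __name__ == "__main__":
    # Constructed sample requests: (TCP peer, request headers).
    samples = [
        ("203.0.113.7", {"CF-Connecting-IP": "198.51.100.23"}),
        ("192.0.2.50", {"CF-Connecting-IP": "198.51.100.23"}),
        ("203.0.113.7", {"cf-connecting-ip": "not-an-ip"}),
    ]
    for peer, hdrs in samples:
        print(peer, hdrs, "->", resolve_client_ip(peer, hdrs))
```

The second sample is the case that matters for the blacklist: a request that bypasses the proxy and supplies its own header is attributed to its real peer address, not to the address it claims.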