Cloudflare TV

Yesterday, Today on the Cloudflare Community

Presented by Tim Cloonan
Originally aired on 

A fast paced look at Cloudflare Community activity, a deep dive into the hot issues from yesterday -- and related CommunityTips and tutorials. Featuring an interactive troubleshooting session led by a Community MVP.

English
Tutorials
Community

Transcript (Beta)

Welcome to Yesterday Today on the Cloudflare Community.

I'm your host, Tim Cloonan.

If you'd like to know more about the Cloudflare Community, join us every Friday for a new edition of Yesterday Today.

Every Friday, we start by looking at the summary of the popular topics and traffic from last week on this Community Day and the Community Traffic Report.

We have the ever-informative Using the Cloudflare Community tip and occasional interviews with community MVPs and customer support engineers.

And every week, we conclude with In Class with Cloudflare, where we learn a few things about the community.

Turning to the traffic report, with the start of July and the traditional summer holidays, overall community traffic remained seasonally slow versus the prior week, with new posts down slightly and overall traffic down dramatically, while new posts remain solid and new customers joining remains dramatically up for the year.

For this Community Day, last week, the top three searches on the community were for non-existing domain errors, site not secure, and error 1016.

The most popular area for discussion on the community last week was security, with questions about getting started with the WAF leading the category.

Last week, all categories were about equally active, with a tie for the second most active category between the performance category with questions about site load time and the general category with a range of questions about everything from billing to the functionality of the dashboard.

Across both performance and the general categories, the top topics and most of the discussion last week was focused on getting started with page rules, getting started with load balancing, or getting started with analytics.

Interestingly, security and performance have been the most popular community categories about half the time for the past month and a half.

And that leads us to our top story today. We're going to talk about something that we see every day on community.Cloudflare.com.

How do you get started quickly using Cloudflare?

Before we dig in, I'm going to be referencing a number of sites, posts, tips, and tutorials throughout the show.

Go to the link shown on the screen to follow along today, or go later to view the assets that we'll talk about on today's show.

Next, let me ask you to join the show today by submitting your questions to livestudio at Cloudflare.tv, or just hit the email to the show button on the Cloudflare.tv site.

Now, our top story, getting started with Cloudflare using the Cloudflare community.

We all start with Cloudflare in pretty much the same way.

And so what we're going to do today is we're going to be focusing on that kind of narrowest point in the getting started process, those things that all of us do and that all of us need to do in order to effectively use Cloudflare.

For each area that we talk about today, we'll share resources to help you get started and other resources to help you troubleshoot the feature if you run into problems.

And I'll offer a pro tip for each of the areas that we talk about on the community.

Assuming you're not signing up via Cloudflare, we all get started by selecting sign up from the top right of the Cloudflare.com screen.

You provide your email address, your password, you identify a domain that you'd like to add onto Cloudflare, and then you're asked to select a plan type.

Cloudflare plan types range from free to enterprise.

It's possible that as you begin using Cloudflare, you're uncertain exactly what features you're going to want to use or exactly how you'll be using Cloudflare.

So here's the first pro tip. If you're new to Cloudflare or unsure exactly what you need from Cloudflare, start with a free plan.

You can change that later very, very easily, and you can also have a mixture of different plan types for different domains.

So in one account, you can have free plans, pro plans, business plans, and enterprise plans.

Now, you've signed up directly through Cloudflare, you've identified your domain, you've selected your plan type, and unless that domain is on a business plan or higher, the next step that you're going to need to do is you're going to need to change your name servers.

When you sign up with Cloudflare, you're given two name servers. They'll be something like tim.ns.Cloudflare.com and shaman.ns.Cloudflare.com.

However, if you're on a business plan and you want to perform a CNAME setup, rather than change your name servers, you would add a DNS record to your Cloudflare dashboard and keep that record in place for the duration of the service.

Let's talk a little bit about DNS.

We have in the last few episodes as well. So as you get started with name servers, we talked a lot about that in the prior week, and there are a lot of resources that are available on how to change the name servers at your domain registrar.

And there are a lot of ways to troubleshoot it if you run into problems after changing your name servers with your domain registrar.

Because there are a lot of resources that are available around the issues, selecting a protip is difficult.

Aside from two common issues that we see with name servers on the community, like incorrectly changing the name servers at your host or adding name server records to your DNS records as opposed to changing the names at your registrar, the protip here for name servers as you get started using Cloudflare is that you should only have two name servers, and they should both point to Cloudflare.

Don't leave the old name servers in place.

They perform no value and will actually prevent your site from authenticating on Cloudflare.

Next, many customers turn their attention to email.

Many people that use Cloudflare have email associated with the domain that they have on Cloudflare.

Note that Cloudflare doesn't proxy your email. So for email, what you need to do is you need to add a mail exchange record to your DNS records, an MX record as it's called, and then that will allow your mail to work with Cloudflare.

You can follow the tutorials that you see here that will actually step you through a series of questions and answers in terms of how you set up your email so that you can effectively send and receive email from the domain that's on Cloudflare.

The pro tip here is to always remember that you need to gray cloud your mail record, and this is actually probably one of the better pro tips for the episode today because it's something that affects a lot of folks as they're setting up their email is that everything else will be perfect, but they've forgotten to gray cloud that record.

So they're attempting to proxy that record. So the way that this is done is that you click orange clouds to turn them to gray, so proxy to turn it to non-proxy, or non-proxy to turn it to proxy, or gray to orange.

So orange to gray, gray to orange, and then you'll be able to get your mail sending and receiving without a problem.

After setting up email and getting the site active on Cloudflare, a lot of what folks turn their attention to is security, and they want to do this by adding an SSL certificate.

Once your site is active on Cloudflare, the universal SSL certificate provisioning process actually begins.

While Cloudflare provides a range of SSL certificates for encrypting traffic to your Cloudflare domain, the free Cloudflare universal SSL is the default certificate that's automatically supplied when a domain becomes active on Cloudflare.

It's suitable for a lot of Cloudflare users, but there are a lot of other resources that are available and things that Cloudflare offers that allow you to compare and contrast the different Cloudflare SSL offerings so you can decide which option best suits your needs for your site.

Many customers find it helpful to reach out with questions about SSL on the community, and there's no shortage of other Cloudflare customers on the community that are there to assist you.

SSL, or as some browsers will display it, a green padlock, is a very real objective for a lot of new Cloudflare customers.

They want that to ensure that their visitors know that their site is safe and secure to visit.

As such, it's understandably stressful when SSL doesn't work, and SSL is also another very popular topic on the community.

There are a lot of resources that are available. In fact, a few weeks ago, we talked in detail about mixed content issues, breaking that green padlock, and preventing SSL from working effectively on your site.

The pro tip here is a simple one for SSL.

If your universal SSL certificate has not been provisioned within 24 hours of the site becoming active on Cloudflare, toggle universal SSL off for 15 minutes and then back on to restart the certificate provisioning process.

This works about 90% of the time, and it'll make certain that you get your certificate provisioned and that your site loads securely.

Once your site is set up and active on Cloudflare, you'll want to ensure it stays that way.

Cloudflare offers a number of security features and a number of different site protection options that you can go through.

Basically, you can use the Cloudflare security level to control CAPTCHA challenges for visitors with low reputation IPs.

As folks come to your site, you can look at their IP address, and then depending upon the reputation of that IP address, you can decide what security level you need to put in.

Using the Cloudflare security levels, you can challenge IPs only with recent questionable history in the last couple of weeks, those that are deemed moderately threatening, or you can only choose to challenge those that are deemed very, very threatening.

A lot of it's based upon your history with your site and the traffic that you're getting, and then that'll determine how you want to make those settings.

The risk associated with the IP address is as determined by Project Honey Pot.

Typically, what will happen is folks will have an IP that's been involved in some sort of malicious activity, and they'll need to get that cleared through Project Honey Pot in order to stop those CAPTCHA challenges from affecting them.

When you start using Cloudflare and you're getting started, Cloudflare sets the security level to medium.

You can change the security level settings in the Cloudflare Firewall app.

For experienced users, you can use threat score values as a criteria in the firewall rules that you create, and as demonstrated in last week's show, we can set security level and configure it via a page rule, which is actually a really neat function.

And as with everything, too much is not great.

So our pro tip for security is to only use the I am under attack mode if your website is actually under a DDoS attack.

I am under attack mode may affect some of your domain and or your API traffic, so you only want to use it if you need it.

With that being said, we do see a number of posts on the community where folks will say, I'm under attack, what do I do?

And the answer, of course, is do you have under attack mode on?

And so that should be your first reaction as you encounter an attack is to enable the I'm under attack mode.

If your site's not under attack, you don't need the functionality. Let's stay with security for a second.

It's a popular category for discussion, and so we want to make certain that we talk about it in depth.

But we're going to shift our focus briefly from all of those features that affect all of us to the features that are available to some of us.

Specifically, I'm talking about bot management. All plans include Cloudflare Bot Fight Mode.

Bot Fight Mode detects bad bots, slows them down, and notifies our bandwidth alliance partners to disable the bot if they're able.

Rather, bot management is different than Bot Fight Mode. Bot management focuses on an explicit bot mitigation, but it doesn't have the need to block traffic and block bot IP address in the Cloudflare firewall.

The pro tip here is that bot management is an enterprise feature.

Contact your customer success manager to enable bot management if you're an enterprise customer.

Now, as we work through getting our site set up in Cloudflare and getting active on Cloudflare, and your site's configured and it's configured to your liking, customers often turn to performance tuning on the site.

Performance options can be found under the Speed app of the Cloudflare dashboard.

If you post questions with performance in particular, it's really important to detail the steps that you've taken and the configuration that you have, and that helps others help you more effectively.

The more details, the better. One question about performance and routing that comes up frequently on the community is our pro tip for performance.

That is, why is traffic to my site routed to a different data center than the one closest to me?

It's important to note that the Cloudflare Anycast network routes traffic based on priority and peering relationships.

This results in the fastest path not always being the shortest path geographically.

While that's sometimes difficult for users to understand, the reality of it is that it's still the fastest route.

Next, we're going to talk about some power tools for your site.

Specifically, we're going to talk about Cloudflare Workers. Cloudflare Workers provides a serverless execution environment that lets you create new applications or augment existing apps that are running on your site.

You do this without configuring or maintaining infrastructure, but rather by leveraging the compute power at Cloudflare's edge.

There are a lot of great assets for workers, like this template gallery, some instructions on worker sites that you can reach off of this, and a lot of really, really good examples of workers that folks have built.

But one of my favorites for workers is our pro tip for today, which is workers.dev.

Workers.dev allows you to enable workers for your Cloudflare account and then to perform quick edits and deploy that code onto the workers.dev subdomain.

Specifically, in a quick edit, I'm able to edit this welcome message to my site, such that when folks hit my worker, it says, thank you for watching Yesterday, Today on Cloudflare TV.

I can customize this for a variety of different things. In fact, last week we looked at how we can use a worker to augment page rules, so that if we have a limited number of page rules and we don't want to purchase more, actually setting up workers to handle the page rules functionality.

So there's workers for a whole variety of different functions, and it's well worth investigating because it's quite an interesting option.

Finally, our last pro tip for today.

As you approach getting started in troubleshooting with your website, remember that most questions have been asked and answered before.

A simple search may help you answer your question before you even need to ask it.

Thank you for joining Yesterday, Today on the Cloudflare Community, and thank you for your questions.

I'm your host, Tim Cloonan. I'll see you next Friday for another edition of Yesterday, Today.

See you then.

Bye.

Hi, we're Cloudflare.

We're building one of the world's largest global cloud networks to help make the Internet faster, more secure, and more reliable.

Meet our customer, BookMyShow.

They've become India's largest ticketing platform, thanks to its commitment to the customer experience and technical expertise.

We are primarily a ticketing company.

The numbers are really big. We have more than 60 million customers who are registered with us.

We're on 5 billion screen views every month.

200 million tickets over the year. We think about what is the best for the customer.

If we do not handle customers' experience well, then they are not going to come back again.

And BookMyShow is all about providing that experience. As BookMyShow grew, so did the security threats it faced.

That's when it turned to Cloudflare.

From a security point of view, we use more or less all the products and features that Cloudflare has.

Cloudflare today plays the first level of defense for us.

One of the most interesting and aha moments was when we actually got a DDoS, and we were seeing traffic burst up to 50 gigabits per second, 50 GB per second.

Usually, we would go into panic mode and get downtime.

But then, all we got was an alert, and then we just checked it out, and then we didn't have to do anything.

We just sat there, looked at the traffic peak, and then being controlled.

It just took less than a minute for Cloudflare to kind of start blocking that traffic.

Without Cloudflare, we wouldn't have been able to easily manage this because even our data center level, that's the kind of pipe, you know, is not easily available.

We started with Cloudflare for security, and I think that was the aha moment.

We actually get more sleep now because a lot of the operational overhead is reduced.

With the attacks safely mitigated, BookMyShow found more ways to harness Cloudflare for better security, performance, and operational efficiency.

Once we came on board on the platform, we started seeing the advantage of the other functionalities and features.

It was really, really easy to implement HTTP2 when we decided to move towards that.

Cloudflare Workers, which is the, you know, computing at the edge, we can move that business logic that we have written custom for our applications at the Cloudflare edge level.

One of the most interesting things we liked about Cloudflare was everything can be done by the API, which makes almost zero manual work.

That helps my team a lot because they don't really have to worry about what they're running because they can see, they can run the test, and then they know they're not going to break anything.

Our teams have been, you know, able to manage Cloudflare on their own for more or less anything and everything.

Cloudflare also empowers BookMyShow to manage its traffic across a complex, highly performant global infrastructure.

We are running on not only hybrid, we are running on hybrid and multi-cloud strategy.

Cloudflare is the entry point for our customers.

Whether it is a cloud in the backend or it is our own data center in the backend, Cloudflare is always the first point of contact.

We do load balancing as well as we have multiple data centers running.

Data center selection happens on Cloudflare.

It also gives us fine-grained control on how much traffic we can push to which data center depending upon what is happening in that data center and what is the capacity of the data center.

We believe that our applications and our data centers should be closest to the customers.

Cloudflare just provides us the right tools to do that.

With Cloudflare, BookMyShow has been able to improve its security, performance, reliability, and operational efficiency.

With customers like BookMyShow and over 20 million other domains that trust Cloudflare with their security and performance, we're making the Internet fast, secure, and reliable for everyone.

Cloudflare, helping build a better Internet.

This video will walk you through how to export access logs to a third-party SIEM and security intelligence platform using LogPush.

For this demo, we'll use an active Cloudflare domain with access enabled and a pre-configured Google Cloud Storage account.

To learn more about how to configure Cloudflare access, please visit the developer documentation at developers.Cloudflare.com backslash access.

The first step to exporting your Cloudflare access logs is to log into Cloudflare and choose an active domain that has Cloudflare access enabled.

After logging in, navigate to the Analytics app in the Cloudflare dashboard.

Then, click the Logs tab.

Here, you can set jobs to push your logs outside of Cloudflare's platform.

Cloudflare supports different destinations, such as Amazon S3, Google Cloud Storage, Sumo Logic, and Microsoft Azure.

For this demo, we'll use Google Cloud Storage.

After choosing your preferred service, which in this case is Google Cloud, click Next to configure the bucket path.

The first step is to name the bucket.

This name should be consistent with the bucket name in Google Cloud. The next step is to define a subfolder for Cloudflare to push your logs.

You have the option to set daily subfolders, so let's choose Yes.

Cloudflare pushes the logs to dated subfolders, so it's very important to set the bucket permission to allow Cloudflare to push logs.

Now that the bucket path is defined, you need to set the route.

Copy the IAM user listed here. Now, you need to head to Google Cloud Storage to add that user.

Navigate to Google Cloud Storage, click Add Members, and paste the user from Cloudflare into the New Member field.

Select the Storage Object Admin role, which gives full control of Google Cloud Storage objects.

Click Save to complete.

Now, we need to head back to the log push configuration in the Cloudflare dashboard and validate the access.

Click Validate Access. When clicked, Cloudflare sends a test file to your destination to validate the access and prove ownership.

Now let's go back to Google Cloud.

Click Objects. Here you see a new folder created with today's date.

Click the folder, and you should see the test file from Cloudflare.

Click the file, then the link URL, and copy-paste the ownership token into the log push configuration within the Cloudflare dashboard.

Then, click Prove Ownership.

Now that the ownership has been validated, you need to choose a dataset.

I'm going to select the HTTP requests. You'll see a list of fields to add to the logs, including cache, performance metrics, firewall, etc.

For now, I'll choose the default selection. If you click Advanced Settings, you'll see that you can set the timestamp format or choose to only send a random sample percentage of your logs to decrease the log value.

Let's stick with the defaults and click Save and Start Pushing to complete the log push configuration.

Now that the log push configuration is complete, I need to use the Log Push API to import the data fields from Cloudflare to the Google Cloud Platform.

For this, we'll use Plus9, an API client that eases the work of doing API manipulation.

The first step is to get the ID of the job I've just created.

To do this, run the following API request.

After sending the request to the API, you'll see the job ID.

The second step is to update that job with the job ID from the previous API request.

First, take the job ID, add it to the end of the following API request, and change the request to a put.

After clicking Send, the same log push fields that you configured in the Cloudflare dashboard will be added to the Google Cloud Platform with the request headers at the end.

After sending the request, confirm that there are no errors, the job has been updated with the same ID, and the fields list is available, including the request headers.

Now that the job has been updated, let's check the bucket for the logs.

You should see the authenticated user aligned with the request.

After reviewing, you'll see that for all of the requests, there are specific fields and request headers with the cf-access-users, which gives a list of authenticated users that have been granted access to the applications.

This concludes the video walkthrough on how to export access logs to a third-party SIEM and security intelligence platform using log push.

If you have any questions or want to use access to secure other applications or resources, visit teams.Cloudflare.com backslash access.