Skip to content
← Configured Commerce

Welcome! 👋

'Configured Commerce fraud detection' has been merged into this idea

Configured Commerce

Categories

JUMP TO ANOTHER FORUM

(thinking…)

Cloudflare WAF Rules

Please help with implementing below security features ASAP. There are so many frequent attacks on the website that causes the websites to go down.

  1. Geographical Rate Limiting - Add rules with rate limiting for traffic outside of specific countries (Challenge beyond the primary range/limit and block beyond the secondary range/limit)
  2. Basic Rate Limiting - Can we add a rule with rate limiting to block DoS attacks
  3. Bot Protection - Challenge suspected bots to confirm user authenticity
  4. Bot detection with javascript to identify headless browsers
  5. Captcha functionality - when users initially come into the site or users are starting an order or users are entering credit card information
  6. WAF compromised credentials check
  7. Any other WAF rules to protect the website from anonymous usage and attacks

There are multiple problems if there are no proper security rules in place.

• Problem-1: Websites are going down – Loss of business and sales
• Problem-2: There are many unnoticed attacks, as we know the attacks only after the websites go down
• Problem-3: There is a possibility of data mining from our websites if there is no security rules

6 votes

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Split idea
This idea was split into a new idea: Website Stability via Rate Limiting
Vijayakumar Subramaniyan shared this idea  ·   ·  Report…  ·  Admin →
Closed  ·  AdminDominic Hartjes (Senior Product Manager, Optimizely) responded  · 

Thank you for your feedback!


This feedback item has been split to enable updates on the various different questions as they become available.


  • Rate limiting related questions (1 and 2): https://feedback.optimizely.com/redirect/suggestions/50742092
  • Bot Protection related questions (3, 4, 7): https://feedback.optimizely.com/redirect/suggestions/50742158
  • Captcha functionality (5): https://feedback.optimizely.com/redirect/suggestions/50742185
  • WAF compromised credentials check (6): https://feedback.optimizely.com/redirect/suggestions/50742164
Show previous admin responses (1)

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • elove commented  ·   ·  Report

    Had a request from a customer wanting to add fraud protections such as:
    1. Rate limiting
    2. Bot detection
    3. Bot detection with javascript to identify headless browsers
    4. Captcha functionality - when users initially come into the site or users are starting an order or users are entering credit card information
    5. WAF compromised credentials check