Enable Cloudflare's leaked credentials detection
Please note: this idea required splitting so that various points may be addressed as information becomes available.
New request:
- WAF compromised credentials check
Original request:
Please help with implementing the below security features ASAP. There are so many frequent attacks on the website that cause the websites to go down.
- Geographical Rate Limiting - Add rules with rate limiting for traffic outside of specific countries (Challenge beyond the primary range/limit and block beyond the secondary range/limit)
- Basic Rate Limiting - Can we add a rule with rate limiting to block DoS attacks
- Bot Protection - Challenge suspected bots to confirm user authenticity
- Bot detection with JavaScript to identify headless browsers
- Captcha functionality - when users initially come into the site or users are starting an order or users are entering credit card information
- WAF compromised credentials check
- Any other WAF rules to protect the website from anonymous usage and attacks
There are multiple problems if there are no proper security rules in place.
• Problem-1: Websites are going down – Loss of business and sales
• Problem-2: There are many unnoticed attacks, as we know about the attacks only after the websites go down
• Problem-3: There is a possibility of data mining from our websites if there are no security rules
We are currently building support in CFG for Cloudflare for SaaS/O2O, which will allow customers to implement and maintain their own Cloudflare WAF in front of Optimizely's. If a customer chooses to stand up their own WAF, they would be able to tailor it to fit their business needs specifically by including things like rate limiting, bot protection, and other Cloudflare configurations.
Note: Optimizely does already take action to mitigate attacks by working with the customer to implement challenges and/or specific rules for the issues the customer is experiencing.