developer-resource icon indicating copy to clipboard operation
developer-resource copied to clipboard
verified publisher icon thematters

CF Clearance

Open robertu7 opened this issue 1 year ago • 0 comments

Description

Since we use Cloudflare, it protects our website (SSR server) with WAF. However, our API still remains unprotected. We can leverage Cloudflare Clearance to achieve that.

  • Users visit matters.town;
  • Users solve the challenge and set the cf_clearance cookie;
  • Add WAF rules to protect API: allow traffic only with cf_clearance cookie;

Refs

  • https://developers.cloudflare.com/waf/tools/challenge-passage/
  • https://developers.cloudflare.com/fundamentals/reference/policies-compliances/cloudflare-cookies/#additional-cookies-used-by-the-challenge-platform
  • https://developers.cloudflare.com/turnstile/concepts/pre-clearance-support/
  • https://blog.cloudflare.com/integrating-turnstile-with-the-cloudflare-waf-to-challenge-fetch-requests

Image

robertu7 avatar May 21 '24 09:05 robertu7