Bagi pemilik situs WordPress pasti tidak asing dengan yang namanya CloudFlare. Kita juga pernah membahas mengapa sebaiknya blog WordPress menggunakan layanan CloudFlare ini.
Namun terkait CloudFlare Firewall Rules apakah kamu sudah pernah mencobanya? Fitur ini sebenarnya bukan fitur yang baru. Namun sepertinya di Indonesia, belum banyak orang yang membahas mengenai fitur Cloudflare yang satu ini.
Padahal manfaatnya cukup banyak, terutama bisa meminimalisir situs WordPress dari berbagai serangan hacking. Semua pengaturan tidak melibatkan situs WordPress itu sendiri, melainkan pengaturan berada di halaman dasbor CloudFlare.
Pada gambar di atas destination server bisa dibilang adalah server situs WordPress yang kamu miliki saat ini. Sedangkan gambar tembok di atas atau web application firewall itu milik CloudFlare.
Pengguna dibagi dua, ada yang sebagai visitor baik-baik, ia hanya membutuhkan informasi dari blog yang kamu tulis, setelah mendapatkan informasi ya dia tinggal tutup tab browser, dan ia bisa berkunjung kembali ke blog atau tidak sama sekali.
Ada juga yang visitor, yang berniat jahat seperti ingin melakukan kegiatan hacking (baik itu berupa serangan XSS, SQL Injection, dst). Di sinilah pentingnya menggunakan WAF (Web Application Firewall).
CloudFlare akan memblokir visitor yang akan melancarkan serangan hacking, sebelum ia mengakses ke destination server, serangan tersebut sudah dipatahkan terlebih dahulu oleh sistem Cloudflare.
Secara pengaturan dasar memang CloudFlare hanya memberikan proteksi terkait serangan DDOS ringan saja, pada level yang lebih kompleks kamu perlu melakukan upgrade akun ke versi Pro, Business atau bahkan Enterprise.
Versi CloudFlare Pro sendiri per bulannya sekitar Rp. 275.000,- untuk kurs per hari ini tanggal 13 Februari 2020 atau dalam dollar Amerika Serikat sebesar $20 per bulan. Syukur-syukur blog WordPress sudah menghasilkan uang sehingga bisa subscribe yang Cloudflare Pro.
Nah bagaimana nih buat blogger pemula yang belum mendapatkan penghasilan dari blognya? Adakah solusi yang lain? Tentu ada. Kamu bisa memanfaatkan fitur Cloudflare Firewall Rules yang bisa dibilang fitur ini gratis dan powerful.
Cara Menggunakan Cloudflare Firewall Rules
Pertama yang harus dilakukan yaitu klik menu Firewall > Firewall Rules > klik tombol pada create a firewall rule. Nah saya sudah membuat beberapa cloudflare firewall rules untuk melindungi WordPress dari serangan hacking berikut ini.
1. Proteksi Situs WordPress dari Serangan Hacking
CloudFlare firewall rule terbaik untuk WordPress di bawah ini yaitu mencegah agar beberapa file sensitif dari WordPress tidak terekspos dan berhasil diekspolitasi apabila ada celah keamanan (bug) yang dimiliki pada situs WordPress kamu.
Kamu bisa lakukan copy-paste saja pada kotak Edit Expression, bisa disesuakan dengan kebutuhan. Jangan lupa selalu ditutup dengan then… Choose an action diisi dengan Block ya.
Gambar di atas CloudFlare Firewall Rules-nya hanya sebagai contoh, kamu bisa mengikuti rules yang ada di bawah ini saja.
(http.request.full_uri contains “wp-config.php”) or (http.request.uri.path contains “/xmlrpc.php”) or (http.request.full_uri contains “.htaccess”) or (http.request.full_uri contains “.my.cnf”) or (http.request.full_uri contains “.user.ini”) or (http.request.full_uri contains “nginx.conf”) or (http.request.full_uri contains “.conf”) or (http.request.full_uri contains “config.php”) or (http.request.full_uri contains “php.ini”) or (http.request.full_uri contains “.ini”) or (http.request.full_uri contains “.log”) or (http.request.uri.path contains “/wp-content/” and http.request.uri.path contains “.php”) or (http.request.uri.path contains “phpmyadmin”) or (http.request.full_uri contains “../”) or (http.request.full_uri contains “..%2F”) or (http.request.full_uri contains “passwd”) or (http.request.uri contains “/dfs/”) or (http.request.uri contains “/autodiscover/”) or (http.request.uri contains “/wpad.”) or (http.request.full_uri contains “webconfig.txt”) or (http.request.full_uri contains “vuln.”) or (http.request.uri.query contains “base64”) or (http.request.uri.query contains “<script”) or (http.request.uri.query contains “%3Cscript”) or (http.request.uri.query contains “$_GLOBALS[“) or (http.request.uri.query contains “$_REQUEST[“) or (http.request.uri.query contains “$_POST[“) or (http.request.full_uri contains “<?php”) or (http.cookie contains “<?php”) or (http.cookie contains “<script”) or (http.referer contains “<script”)
2. Proteksi WordPress dari Bot Jahat
(cf.threat_score gt 15)
or (http.user_agent contains “Yandex”)
or (http.user_agent contains “muckrack”)
or (http.user_agent contains “Qwantify”)
or (http.user_agent contains “Sogou”)
or (http.user_agent contains “BUbiNG”)
or (http.user_agent contains “knowledge”)
or (http.user_agent contains “CFNetwork”)
or (http.user_agent contains “Scrapy”)
or (http.user_agent contains “SemrushBot“)
or (http.user_agent contains “AhrefsBot”)
or (http.user_agent contains “Baiduspider”)
or (http.user_agent contains “baidu.com”)
or (http.user_agent contains “/bin/bash”)
or (http.user_agent contains “crawler.feedback@gmail.com”)
or (http.user_agent contains “eval(“)
or (http.user_agent contains “Nikto”)
or (http.user_agent contains “Nimbostratus”)
or (http.user_agent contains “python-requests”)
or (http.user_agent contains “Scrapy/”)
or (http.user_agent contains “SeznamBot/”)
or (http.user_agent contains “Sogou web spider/”)
or (http.user_agent contains “spbot/”)
or (http.user_agent contains “Uptimebot/”)
or (http.user_agent contains “WebDAV-MiniRedir”)
or (http.user_agent contains “WinHttp.WinHttpRequest”)
or (http.user_agent contains “ZmEu”)
or (http.user_agent contains “Go-http-client/”)
or (http.user_agent contains “DnyzBot/”)
or (http.user_agent contains “DotBot/”)
or (http.user_agent contains “python-requests”)
or ((http.user_agent contains “crawl”)
or (http.user_agent contains “Crawl”)
or (http.user_agent contains “bot” and not http.user_agent contains “bingbot” and not http.user_agent contains “Google” and not http.user_agent contains “Twitter”)
or (http.user_agent contains “Bot” and not http.user_agent contains “Google”)
or (http.user_agent contains “Spider”)
or (http.user_agent contains “spider”)
and not cf.client.bot)
3. Proteksi WordPress dari Ekstensi yang Berbahaya Versi 1
(http.request.full_uri contains “.printerexport”) or (http.request.full_uri contains “.pl”) or (http.request.full_uri contains “.theme”) or (http.request.full_uri contains “.vbp”) or (http.request.full_uri contains “.xbap”) or (http.request.full_uri contains “.xll”) or (http.request.full_uri contains “.xnk”) or (http.request.full_uri contains “.msu”) or (http.request.full_uri contains “.lnk”) or (http.request.full_uri contains “.mad”) or (http.request.full_uri contains “.maf”) or (http.request.full_uri contains “.mag”) or (http.request.full_uri contains “.mam”) or (http.request.full_uri contains “.maq”) or (http.request.full_uri contains “.mar”) or (http.request.full_uri contains “.mas”) or (http.request.full_uri contains “.mat”) or (http.request.full_uri contains “.mau”) or (http.request.full_uri contains “.mav”) or (http.request.full_uri contains “.maw”) or (http.request.full_uri contains “.mda”) or (http.request.full_uri contains “.mdb”) or (http.request.full_uri contains “.mde”) or (http.request.full_uri contains “.mdt”) or (http.request.full_uri contains “.mdw”) or (http.request.full_uri contains “.mdz”) or (http.request.full_uri contains “.msc”) or (http.request.full_uri contains “.msh”) or (http.request.full_uri contains “.msh1”) or (http.request.full_uri contains “.msh2”) or (http.request.full_uri contains “.mshxml”) or (http.request.full_uri contains “.msh1xml”) or (http.request.full_uri contains “.msh2xml “) or (http.request.full_uri contains “.msi”) or (http.request.full_uri contains “.msp”) or (http.request.full_uri contains “.mst”) or (http.request.full_uri contains “.ops”) or (http.request.full_uri contains “.osd”) or (http.request.full_uri contains “.pcd”) or (http.request.full_uri contains “.pif”) or (http.request.full_uri contains “.plg”) or (http.request.full_uri contains “.prf”) or (http.request.full_uri contains “.prg”) or (http.request.full_uri contains “.psc1 “) or (http.request.full_uri contains “.pst”) or (http.request.full_uri contains “.reg”) or (http.request.full_uri contains “.scf”) or (http.request.full_uri contains “.scr “) or (http.request.full_uri contains “.sct”) or (http.request.full_uri contains “.shb”) or (http.request.full_uri contains “.shs”) or (http.request.full_uri contains “.tmp”) or (http.request.full_uri contains “.url”) or (http.request.full_uri contains “.vb”) or (http.request.full_uri contains “.vbe”) or (http.request.full_uri contains “.vbs”) or (http.request.full_uri contains “.vsmacros”) or (http.request.full_uri contains “.vsw”) or (http.request.full_uri contains “.ws”) or (http.request.full_uri contains “.wsc “) or (http.request.full_uri contains “.wsf”) or (http.request.full_uri contains “.wsh”) or (http.request.full_uri contains “.apk”) or (http.request.full_uri contains “.appx”) or (http.request.full_uri contains “.appxbundle”) or (http.request.full_uri contains “.cab”) or (http.request.full_uri contains “.cmd”) or (http.request.full_uri contains “.dll”) or (http.request.full_uri contains “.dmg”) or (http.request.full_uri contains “.exe”) or (http.request.full_uri contains “.iso”) or (http.request.full_uri contains “.jse”) or (http.request.full_uri contains “.lib”) or (http.request.full_uri contains “.msix”) or (http.request.full_uri contains “.msixbundle”) or (http.request.full_uri contains “.nsh”) or (http.request.full_uri contains “.wsc”) or (http.request.full_uri contains “.scr”) or (http.request.full_uri contains “.sys”) or (http.request.full_uri contains “.vxd”) or (http.request.full_uri contains “.rb”) or (http.request.full_uri contains “.sql”) or (http.request.full_uri contains “.py”) or (http.request.full_uri contains “.ade”) or (http.request.full_uri contains “.adp”) or (http.request.full_uri contains “.app”) or (http.request.full_uri contains “.asp”) or (http.request.full_uri contains “.bas”) or (http.request.full_uri contains “.bat”) or (http.request.full_uri contains “.cer”)
4. CloudFlare Firewall Rules untuk Memblokir Ekstensi Berbahaya Versi 2
(http.request.full_uri contains “.cpl”) or (http.request.full_uri contains “.crt”) or (http.request.full_uri contains “.csh”) or (http.request.full_uri contains “.der”) or (http.request.full_uri contains “.diagcab”) or (http.request.full_uri contains “.exe”) or (http.request.full_uri contains “.fxp”) or (http.request.full_uri contains “.gadget”) or (http.request.full_uri contains “.grp”) or (http.request.full_uri contains “.hlp”) or (http.request.full_uri contains “.hpj”) or (http.request.full_uri contains “.hta”) or (http.request.full_uri contains “.inf”) or (http.request.full_uri contains “.ins”) or (http.request.full_uri contains “.isp”) or (http.request.full_uri contains “.its”) or (http.request.full_uri contains “.jar”) or (http.request.full_uri contains “.jnlp”) or (http.request.full_uri contains “.ksh”) or (http.request.full_uri contains “.py”) or (http.request.full_uri contains “.pyc”) or (http.request.full_uri contains “.pyo”) or (http.request.full_uri contains “.pyw”) or (http.request.full_uri contains “.pyz”) or (http.request.full_uri contains “.pyzw”) or (http.request.full_uri contains “.ps1”) or (http.request.full_uri contains “.ps1xml”) or (http.request.full_uri contains “.ps2”) or (http.request.full_uri contains “.ps2xml”) or (http.request.full_uri contains “psc1”) or (http.request.full_uri contains “.psc2”) or (http.request.full_uri contains “.psd1”) or (http.request.full_uri contains “.psdm1”) or (http.request.full_uri contains “.appcontent-ms”) or (http.request.full_uri contains “.settingcontent-ms”) or (http.request.full_uri contains “.mcf”) or (http.request.full_uri contains “.phtml”) or (http.request.full_uri contains “.pht”) or (http.request.full_uri contains “.php7”) or (http.request.full_uri contains “.php5”) or (http.request.full_uri contains “.php4”) or (http.request.full_uri contains “.php3”) or (http.request.full_uri contains “webshell.php”) or (http.request.full_uri contains “shell.php”) or (http.request.full_uri contains “.php6”) or (http.request.full_uri contains “shell.aspx”) or (http.request.full_uri contains “.eml”) or (http.request.full_uri contains “.sh”) or (http.request.full_uri contains “.chm”) or (http.request.full_uri contains “.cmd”) or (http.request.full_uri contains “.cnt”)
5. Cloudflare Firewall Rules untuk Membatasi IP Address
((http.request.uri.path contains "/xmlrpc.php") or (http.request.uri.path contains "/admin/") or (http.request.uri.path contains "/wp-login.php") or (http.request.uri.path contains "/inc/") or (http.request.uri.path contains "/wp-admin/" and not http.request.uri.path contains "/wp-admin/admin-ajax.php" and not http.request.uri.path contains " /wp-admin/theme-editor.php")) and (ip.geoip.country ne "ID")
Contoh cloudflare firewall rules di atas bisa guna melindungi WordPress dari serangan hacking seperti serangan brute force. IP Address selain negara Indonesia akan diblokir oleh CloudFlare saat mencoba mengakses halaman seperti wp-login.php.
Kamu juga bisa melakukan whitelist jika memiliki IP Address yang dedicated. Itu akan jauh lebih aman, dibandingkan hanya membatasi negara Indonesia saja. Jika belum punya dedicated IP Address, rules di atas insyaAllah sudah cukup.
Sumber:
—
Nah sampai di sini apakah ada pertanyaan lebih lanjut? Jika ada, kita bisa saling berdiskusi melalui Forum.Situstarget.com. Jika artikel ini bermanfaat untuk orang lain, bagikan juga melalui Facebook, Twitter, LinkedIn, WhatsApp, Telegram, dan Line.
Semoga bisa menjadi amal jariyah untuk para pembaca sekalian. Aamiin!
