Cloudflare Features Overview

VIDEO TRANSCRIPT | Recorded: 2022-01-27 | Verify against current system state

Abstract

Comprehensive training overview of AANP infrastructure management covering Rackspace server administration (cloud servers, security groups, backups, SSH keys, load balancers) and Cloudflare security configuration (DNS management, SSL/TLS, firewall rules, rate limiting, page rules for maintenance mode). Demonstrates monitoring dashboards, backup restoration procedures, and security best practices.

Key Procedures

  • Log into Cloudflare using IT support account from password safe
  • Navigate Cloud Servers to view server status and monitoring checks
  • Configure security groups under Networking to restrict IP access
  • Set up SSH keys for Linux terminal access
  • Use gear icon to reboot servers, access emergency console, or create images
  • Configure backup agents and restore from daily/weekly backups
  • Create and manage DNS records in Cloudflare (A, CNAME, MX, TXT)
  • Toggle proxy status (orange cloud) for Cloudflare filtering vs DNS-only
  • Set up rate limiting rules for login pages
  • Create page rules for site maintenance redirects
  • Monitor firewall events and threat analytics
  • Configure custom error pages with Cloudflare tokens

Notable Statements

  • 0:00:24 "The main one is our WWW site, which is a Linux box, lives there. And then we have some development boxes related to that."
  • 0:03:02 "This archive site is only available through the VPN. You can't get to it from the public site at all."
  • 0:04:03 "This is the public IP address. This is the IP address that you would use in Cloudflare to redirect traffic to."
  • 0:08:02 "They're not like Azure where you can turn off the resources. As soon as you create a server, you are charged per hour no matter what."
  • 0:15:06 "They're not able to see our private IP address for the Rackspace server. They only see the load balancer IP."
  • 0:16:32 "Anything you put on info.amponline.com is going to get cached. You can go to files.ampdownload.org and it's going to give you a cached version."
  • 0:25:04 "Our QA and UAT accounts are at the free tier. AMP.org we have the middle tier, not enterprise."
  • 0:26:49 "Under attack mode really restricts access to the sites. It goes into 'everyone is evil' mode and challenges people more often."
  • 0:30:15 "You can't post back to the set page more than five times in five minutes. If you do you get a rate limited page." - Re: rate limiting
  • 0:33:24 "Zone lockdowns are areas where I have said you cannot access unless you are in a specific list of IP addresses."
  • 0:41:38 "With a flip of a toggle, you are moved into a site maintenance URL. Any traffic hitting my.amp.org would be pushed to site maintenance.amp.org."

Systems & Configurations

Systems Mentioned

  • Rackspace Cloud (server hosting)
  • Cloudflare (CDN, security, DNS)
  • MySQL Cloud Database (CraftCMS)
  • Aptify Cloud (Windows servers)
  • SharePoint (IP address documentation)
  • CraftCMS (www site)
  • Sitefinity (my.aanp.org CMS)
  • Higher Logic (community.amp.org)

Specific Configurations

Item             | Value/Setting         | Timestamp | Notes
-----------------|-----------------------|-----------|-------------------------------
Archive Site     | Cloud PS Web 01       | 0:02:36   | Old Juno site, VPN-only access
IAS Server       | Cloud PS Web 03       | 0:03:48   | Handouts storage, backup
CDN Domain       | files.ampdownload.org | 0:16:09   | Caches from info.amponline.com
SSL Mode         | Full Strict           | 0:34:25   | Cloudflare SSL/TLS setting
Minimum TLS      | 1.2+                  | 0:35:31   | Blocks older TLS connections
Rate Limit       | 5 posts / 5 minutes   | 0:30:21   | Login page protection
Page Rules Limit | ~20 free, then paid   | 0:41:18   | Per-rule pricing after limit
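
The 5 posts / 5 minutes login threshold in the table above can be checked against recorded traffic before it is enforced. This added example is not from the recording and is not Cloudflare's implementation: it replays constructed log lines through a sliding window, and the log format, the `/login` path and the counting method are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

LIMIT = 5                      # POSTs allowed per window (from the notes)
WINDOW = timedelta(minutes=5)  # window length (from the notes)
LOGIN_PATH = "/login"          # assumed path; the notes do not name the URL

# Constructed sample lines: "<ISO timestamp> <client IP> <method> <path>"
SAMPLE_LOG = """\
2022-01-27T10:00:00 203.0.113.7 POST /login
2022-01-27T10:00:00 198.51.100.20 POST /login
2022-01-27T10:00:30 203.0.113.7 POST /login
2022-01-27T10:01:00 203.0.113.7 POST /login
2022-01-27T10:01:10 203.0.113.7 GET /login
2022-01-27T10:01:30 203.0.113.7 POST /login
2022-01-27T10:02:00 203.0.113.7 POST /login
2022-01-27T10:02:00 198.51.100.20 POST /login
2022-01-27T10:02:30 203.0.113.7 POST /login
2022-01-27T10:03:00 203.0.113.7 POST /login
2022-01-27T10:04:00 198.51.100.20 POST /login
2022-01-27T10:06:00 198.51.100.20 POST /login
2022-01-27T10:08:00 198.51.100.20 POST /login
2022-01-27T10:09:00 203.0.113.7 POST /login
2022-01-27T10:10:00 198.51.100.20 POST /login
"""

def replay(log_text, limit=LIMIT, window=WINDOW, path=LOGIN_PATH):
    """Return {client_ip: [timestamps of POSTs that exceed the limit]}."""
    recent = defaultdict(deque)  # per-client POST times still inside the window
    limited = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, ip, method, req_path = line.split()
        if method != "POST" or req_path != path:
            continue  # only form posts to the login page count
        ts = datetime.fromisoformat(stamp)
        seen = recent[ip]
        while seen and ts - seen[0] >= window:
            seen.popleft()  # drop attempts older than the window
        if len(seen) >= limit:
            limited[ip].append(ts)  # this request would get the rate-limited page
        seen.append(ts)  # blocked attempts still count toward the window
    return dict(limited)

if __name__ == "__main__":
    for ip, hits in replay(SAMPLE_LOG).items():
        print(ip, [t.time().isoformat() for t in hits])
```

In the sample, the client that posts every 30 seconds is limited on its sixth and seventh attempts and allowed again once the window has emptied, while the client posting every two minutes never reaches the threshold.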

Credentials/Access Mentioned

  • IT Support account in Password Safe for Rackspace/Cloudflare
  • SSH keys stored in Rackspace for Linux server access
  • IP address documentation on SharePoint (server environments spreadsheet)

Errors & Troubleshooting

  • Issue: Conference handouts crashing servers
  • Cause: 6000+ simultaneous downloads of large files
  • Resolution: Implemented CDN caching at files.ampdownload.org
  • Timestamp: 0:16:40

  • Issue: Skype autodiscover.xml requests flooding servers
  • Cause: Constant bot requests to WWW site
  • Resolution: Firewall rule to block autodiscover requests
  • Timestamp: 0:39:14

  • Issue: Higher Logic caching problems with WAF
  • Cause: Cloudflare WAF interfering with connections
  • Resolution: Disabled Cloudflare filtering for community.amp.org
  • Timestamp: 0:43:13

Transcript Gaps & Quality Notes

  • Multiple speakers including Keith (new team member being trained)
  • Brief interruption for production issue during recording
  • Some page rules demonstrated in real-time for actual outage
  • Recording covers both training and active incident response
  • References to spreadsheet documentation not visible in transcript