Upload
cloudflare
View
370
Download
0
Embed Size (px)
DESCRIPTION
Keeping communication between your visitors and your website secure and confidential has never been more important. Data can be vulnerable to theft as it’s transferred to and from your website. One simple solution to this security threat is to encrypt your traffic with SSL (Secure Sockets Layer). SSL encryption ensures the data transferred between your visitors and your site is safe from data theft, and having SSL enabled can also boost your Google search rankings. CloudFlare has made it simple and easy to add SSL to your site: you don’t have to purchase a separate certificate or install anything. In this webinar CloudFlare’s solution engineer Peter Griffin explains the key features of SSL, and walks you through the simple process of getting SSL running on your site.
Citation preview
CloudFlare and SSLkeep your site and data safe with SSL
Elenitsa StaykovaMarketing, CloudFlare
Peter GriffinSolutions Engineer, CloudFlare
Agenda● Introduction● CloudFlare overview● SSL options with CloudFlare
○ Upload of custom certificate○ GlobalSign provisioning options
● SSL configuration demo● Conclusion / Q&A
CloudFlare Overview
CloudFlare Security and Performance for web applications, from 28 global locations (and growing!)
CloudFlare Overview
● Global: 28 locations, and growing
● Anycast Routing: BGP routes to CloudFlare IP ranges are announced from each location, traffic is handled regionally
● Robust: Each node performs all tasks: DNS requests, security checks, performance transformations, and caching
● Reliable: Built-in redundancy, load balancing, and high availability.
● Intelligence: over 1 million sites using CloudFlare, unparalleled view into “Layer 7” / HTTP-based attacks
● Capacity: CloudFlare has mitigated the largest disclosed DDoS attacks to-date
How CloudFlare protection works
● Protected hostname resolves to CloudFlare IPs via DNS
● Back-end IP address hidden, locked-down to allow only CloudFlare IPs
● HTTP/S requests, UDP attack traffic goes first to CloudFlare
● CloudFlare only proxies valid, acceptable HTTP requests. Everything else is dropped
SSL on the web
What is SSL / HTTPS? (briefly)
1. HTTP over encrypted SSL/TLS session2. Uses public key cryptography3. Verifies identity (of websites)4. Encrypts communications
Google looking at HTTPS for ranking
“...over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We've seen positive results, so we're starting to use HTTPS as a ranking signal. For now it's only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content — while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.”http://googlewebmastercentral.blogspot.com/2014/08/https-as-ranking-signal.html
CloudFlare provides high quality HTTPS
CloudFlare’s SSL Options
Upload your own key pair● CloudFlare can present your existing SSL cert to your users
● Keys are never stored on-disc, only decrypted on demand
● Uploaded via web interface
Have CloudFlare provide a GlobalSign SSL cert● Valid for *.example.com, and the root (example.com)
● *.*.example.com (subdomain of subdomain) NOT supported
● Ownership of your domain must be verified by GlobalSign before they will provision the certificate.
SSL Provisioning Options
GlobalSign domain verification
GlobalSign needs to know you own the domain!
Verify via HTML <meta/> tag● HTML <meta/> tag provided by CloudFlare must be placed within
the <head/> section of the landing page at either your root, or your www.
● GlobalSign will check that verification code is valid, and add *.example.com and example.com on the SSL certificate
Verify via proxying● Cert provisioned once CloudFlare-proxying is observed on either
the root domain, or the www. subdomain
● 10 to 15 minutes of SSL browser warnings until the presented cert is updated
SSL Operating Options
Changes to your web application
CloudFlare “Always Use HTTPS” Page Rule● Automatically redirects requests for all subdomains AND the
root to the corresponding HTTPS URL
Switching to HTTPS:// URLs!
Switching to HTTPS:// URLs!
Stop using HTTP:// in your HTML!● Search engines will follow the links it finds -- you don’t want the
search engine crawlers dealing with redirects for every page they read on your site!
● Relative URLs are good!
Switching to HTTPS:// URLs!
Google’s webmaster guidelines
● Google has good resources and HOWTOs, and making sure that the Google Bot can crawl+index your HTTPS site: http://www.google.com/webmasters/
Recommended viewing!
● “Google I/O 2014: HTTPS Everywhere” -- goes into much more https://www.youtube.com/watch?v=cBhZ6S0PFCY
Thank you!