CloudFlare is an excellent service that, even in the free version, can mitigate many threats and reduce junk traffic. It is also very useful for ecommerce sites that sell abroad: thanks to distributed DNS and its operation as a reverse proxy, it makes our PrestaShop store more responsive.

Solve the problem of continuous logout from the Backoffice

The first problem encountered when enabling CloudFlare's proxy protection is continuous logouts from the BackOffice, i.e. repeated requests to log in to the PrestaShop control panel again. This happens because the IP continues to vary; when using CloudFlare as protection or to speed up your ecommerce, it is therefore necessary to change a parameter in the configuration of our PrestaShop instance.

To do this we go to:

Advanced Parameters -> Administration

And we disable the item: Check the IP address of the Cookies

On this screen we can also increase the lifespan of the login cookies, but for security reasons do not overdo it: the session must expire after a period of a few minutes, so that you are prompted to log in to the administration area again.

CloudFlare real IP and Plesk

Using CloudFlare presents an additional server-side issue: the server will not be able to record the visitor's real IP in its logs, as noted here. Obviously this configuration must be requested from whoever manages your hosting. In the case of Plesk (which no longer integrates mod_cloudflare), it is necessary to go to:

Domain -> Hosting & DNS - Apache & nginx Setting

And in Additional nginx directives

We insert the following:

#CloudFlare
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 199.27.128.0/21;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;

# use any of the following two
real_ip_header CF-Connecting-IP;
#real_ip_header X-Forwarded-For;

By adding these directives both Nginx and Apache will be able to read the visitor's real IP.

The list of Cloudflare IPs can be found here: https://www.cloudflare.com/it-it/ips/
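
A simplified model of what these directives do, as an added example (not code from the original article or from nginx): the header value replaces the connection address only when the connection comes from a range listed in set_real_ip_from, so a CF-Connecting-IP header on a request that reaches the server without passing through CloudFlare is ignored. The function names and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample: a subset of the directives shown above.
NGINX_DIRECTIVES = """
#CloudFlare
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 2400:cb00::/32;
real_ip_header CF-Connecting-IP;
"""


def parse_realip(config):
    """Return (trusted_networks, header_name) from realip directives."""
    trusted, header = [], "X-Real-IP"  # nginx default for real_ip_header
    for raw in config.splitlines():
        parts = raw.split("#", 1)[0].strip().rstrip(";").split()
        if len(parts) != 2:
            continue  # blank lines, comments, unrelated directives
        if parts[0] == "set_real_ip_from":
            trusted.append(ipaddress.ip_network(parts[1]))
        elif parts[0] == "real_ip_header":
            header = parts[1]
    return trusted, header


def resolve_client_ip(peer, headers, trusted, header):
    """Use the header value only when the peer is a trusted proxy."""
    peer_ip = ipaddress.ip_address(peer)
    # An IPv4 address is never "in" an IPv6 network (and vice versa).
    if not any(peer_ip in net for net in trusted):
        return peer  # direct connection: the header is not trusted
    value = {k.lower(): v for k, v in headers.items()}.get(header.lower())
    if value is None:
        return peer
    try:
        return str(ipaddress.ip_address(value.strip()))
    except ValueError:
        return peer  # malformed header value: keep the peer address


if __name__ == "__main__":
    nets, hdr = parse_realip(NGINX_DIRECTIVES)
    spoofed = {"CF-Connecting-IP": "198.51.100.7"}  # constructed header
    print(resolve_client_ip("173.245.48.10", spoofed, nets, hdr))  # via proxy
    print(resolve_client_ip("203.0.113.9", spoofed, nets, hdr))    # direct hit
```

This is why the set_real_ip_from list has to match CloudFlare's published ranges: a missing range leaves the proxy address in the logs, while an overly broad one lets other hosts set the logged IP.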

Conclusions

Unfortunately, some problems remain with both the Free and Pro versions: it is not possible to set a timeout higher than 100s, so many massive operations will end in error 524. If we need to go beyond this limit, we need an Enterprise subscription (very expensive), or a subdomain for the backend (e.g. admin.yourdomain.it) set in the DNS without proxy management, i.e. with the gray cloud. This configuration has become very complex with PrestaShop 1.7, but it is a useful solution to avoid this type of problem. By using a different subdomain, there is also a need to remove the cookie IP verification, which is an important security measure.

One of the interesting features available in the PRO version is the CDN, with its image optimization. The strength of this solution, beyond the conversion to WebP, is the resizing of images based on the requesting device; in this way, for example, mobile and desktop devices will each receive optimized images. In reality it is also possible to do this on the server side with the Google Page Speed module, but at a high cost in terms of TTFB, so it is not recommended. With the CDN there is no increase in load, and in addition you get all the advantages of a distributed content delivery network, i.e. the images are served by servers closer to the user, which is very useful if our ecommerce also operates, for example, in America and Asia.

This operation, however, given its technical difficulty, is to be carried out only if you are using a PRO version of CloudFlare. If our need is to protect our ecommerce from a sporadic attack, we can use the FREE version of CloudFlare, activating the proxy only for the necessary period and deactivating it when we need to carry out massive operations.

Author: Loris Modena


SENIOR DEVELOPER

Per Ind Loris Modena, owner of Arte e Informatica, began working in the IT sector in 1989 as a system engineer in charge of the maintenance and installation of IT systems. He started programming for the web in 1997, dealing with CGI programming in Perl and then moving on to programming in PHP and JavaScript. In this period he approached the open source world and the management of Linux servers.
