When using LoadForge to test your website's performance, Cloudflare's security measures may inadvertently block or interfere with the testing traffic. This can lead to inaccurate test results and hinder your ability to assess your site's performance under load. To prevent this, you can implement one of the following solutions to allow LoadForge's traffic through Cloudflare without compromising your website's security.
1. Temporarily Disable Cloudflare Protection
Temporarily lowering or disabling Cloudflare's security settings during your testing period ensures that LoadForge's traffic is not blocked.
Instructions
-
Access Your Cloudflare Dashboard:
- Log in to your Cloudflare dashboard and select the website you want to test.
-
Lower Security Settings:
- Navigate to the Security section.
- Go to WAF > Settings.
- Adjust the Security Level to Essentially Off or Low.
-
Disable Specific Features (Optional):
- If needed, you can also disable Bot Fight Mode or Rate Limiting under the Bots and Rate Limiting sections, respectively.
-
Run Your LoadForge Tests:
- Perform your load testing while the security settings are reduced.
-
Revert Security Settings:
- After testing, revert the security settings to their original levels to re-enable full protection.
Pros
- Quick Implementation: Easy to execute without advanced configuration.
- Immediate Effect: Changes take effect promptly, allowing for immediate testing.
Cons
- Reduced Security: Temporarily exposes your website to potential threats.
- Manual Reversion Needed: Requires you to remember to restore security settings afterward.
2. Whitelist LoadForge IP Ranges
By whitelisting LoadForge's IP ranges, you allow their testing traffic while maintaining normal security measures for other visitors.
Instructions
-
Obtain LoadForge IP Ranges:
- Visit LoadForge's IP Ranges page to get the list of IP addresses used for testing.
-
Access Cloudflare Dashboard:
- Log in to your Cloudflare dashboard and select your website.
-
Navigate to IP Access Rules:
- Go to Security > WAF > Tools.
-
Add IP Ranges to Whitelist:
- Under IP Access Rules, click Add.
- Enter each LoadForge IP range.
- Set the action to Allow.
- Choose This Website under Zone to apply the rule only to your site.
-
Save Changes:
- Confirm and save each entry to update your firewall rules.
Pros
- Targeted Allowance: Only LoadForge's IP addresses are permitted, keeping your site secure from other sources.
- Set and Forget: Once configured, no need to adjust settings for future tests unless IP ranges change.
Cons
- Maintenance Required: LoadForge may update their IP ranges, necessitating updates on your end.
- IP Spoofing Risk: Though minimal, there's a potential risk if an attacker spoofs a whitelisted IP.
3. Add and Whitelist a Custom Header
Instruct LoadForge to send a custom HTTP header with its requests and configure Cloudflare to allow traffic containing this header.
Instructions
-
Set Up Custom Header in LoadForge:
- Log in to your LoadForge account.
- Navigate to your test configuration.
- Add a custom header (e.g.,
X-LoadForge-Test: true). Refer to LoadForge's Custom Headers documentation for detailed steps.
-
Access Cloudflare Dashboard:
- Log in to your Cloudflare dashboard and select your website.
-
Create a WAF Custom Rule:
- Go to Security > WAF > Custom Rules.
- Click Create Rule.
-
Configure the Rule:
- Rule Name: Enter a descriptive name like "Allow LoadForge Testing".
-
When incoming requests match...:
- Field: Select HTTP Request Header.
- Operator: Choose Equals.
-
Value: Enter the custom header and its value (e.g.,
X-LoadForge-Test: true).
-
Then...:
- Action: Select Allow.
-
Deploy the Rule:
- Save and deploy the rule to activate it immediately.
Pros
- Secure Method: Only requests with the specific header are allowed, minimizing security risks.
- No IP Management: Eliminates the need to track and update IP ranges.
Cons
- Complex Setup: Requires precise configuration on both LoadForge and Cloudflare.
- Header Exposure Risk: If the custom header becomes known, malicious actors could potentially exploit it.
By implementing one of these methods, you can ensure that Cloudflare does not interfere with LoadForge's testing traffic, allowing for accurate and effective performance assessments of your website.