Protect your OpenCart store from DDoS and bots with FlareGuard

FlareGuard is a security module for OpenCart that integrates directly into the site's entry point and acts as a guard against DDoS activity, HTTP flooding, and malicious bots. When traffic becomes suspicious, the module doesn't shut down the store, but rather gently redirects visitors to Cloudflare Turnstile for verification or blocks clearly malicious sources.

Why do you need FlareGuard?

If a site experiences a sudden surge in requests (from bots, parsers, crawlers, or attempts to overwhelm the server), genuine customers and conversion suffer. FlareGuard addresses this in a targeted manner: it doesn't interfere with legitimate users, but quickly filters out suspicious IP addresses and aggressive User Agents.

How does protection work?

• Rate limiting of IP requests within a time window.
• "I'm under attack" mode - forced checking for everyone except the whitelist.
• Human verification via Cloudflare Turnstile (no annoying images, as gentle as possible for the visitor).
• Automatic blocking during HTTP flooding with recording of IP addresses in a separate blocking file.
• Manual lists whitelist (allow) and blacklist (block) by IP, CIDR ranges and User-Agent fragments.
• Page exclusions – you can disable checks for individual URLs (e.g. robots.txt, sitemap, checkout).

What data is analyzed

• Visitor's IP address ( REMOTE_ADDR )
• Browser/bot User-Agent
• Requested URL ( REQUEST_URI )
• Request method (GET/POST), including AJAX request handling
• Session markers (captcha completion status, request counters)

Key functions and settings in the admin panel

1. The requests per minute threshold is the basic limit after which the check is activated.
2. "I'm under attack" is a quick switch when you need to tighten the screws immediately.
3. Whitelist - IP, CIDR ranges and trusted bots (e.g. search robots).
4. Manual blocking - IP/CIDR/User-Agent that should be denied access.
5. HTTP flood
   • flood threshold per minute
   • fast flood: time window (sec.)
   • fast flood: number of requests
   • list of automatically blocked IPs with the ability to delete (unblock)
6. Logging and dynamic adaptation – recording events and enhancing response to abnormal activity.
7. Excluded pages are URLs/URL parts that are not checked.
8. Log size limitation - if the specified volume is exceeded, the traffic.log file is automatically cleared.

Important: For verification to work, you must first create Cloudflare Turnstile keys and specify them in the settings. Without this configuration, the module will report an error and will not be able to properly enable protection.

Recommendations for setting up

To find the right balance between security and convenience, start with moderate values and gradually adjust them to your actual traffic.

• Normal mode the request threshold is 80–150/min per IP (depending on the traffic and complexity of the pages).
• If you notice an "attack" turn on the "I'm under attack" mode - this will quickly block most automated requests.
• Don't block useful stuff whitelist search bots and monitoring services (by User-Agent or IP).
• Be careful with checkout it's best to add the checkout page to the exceptions list to avoid disrupting payments and redirects.
• Check the logs traffic.log is a great way to figure out who's pushing your site and tighten up your manual rules.

Application examples

• If your online store is experiencing a slowdown in the evening due to parser bots, you can enable HTTP flooding and add suspicious User-Agents to manual blocking.
• Your site is under attack from multiple IP addresses. Activate "I'm under attack" mode, and the whitelist allows access to search engines and your services.
• To maintain SEO accessibility, exclude robots.txt and sitemap from checks so that robots don't encounter captchas.