What does Under Attack Mode do?
Presents an interstitial page for every incoming request, which issues a JavaScript challenge (where the browser is presented with a basic arithmetic problem to solve in the backend)
Overview Page: What can I find there?
Plan info such as Page Rules, basic analytics on performance and security, as well as support resources and notifications for things such as billing
DNS Tab: How can I add a lot of DNS records at the same time instead of adding them individually?
Good: You can upload a zone/TXT file through the DNS section, under the Advanced section.
Better: As long as the TXT file is in BIND format, Cloudflare will be able to upload all of the DNS records inside of it.
DNS Tab: What if I don’t want to use Cloudflare for Authoritative DNS? Can I still use your service?
Cloudflare provides another option called CNAME Setup or Partial Setup, which allows you to route only the traffic you want through our network while still keeping your Authoritative DNS.
DNS Tab: What is the difference between an orange and gray clouded record?
Good: An orange clouded record is proxied through Cloudflare whereas a gray clouded record just returns DNS.
Better: An orange clouded record returns a pair of Cloudflare’s anycast IPs by default. This obfuscates the origin IP for the record and allows Cloudflare to terminate the TLS/SSL at our edge to apply security and performance benefits. Gray clouding just returns the actual DNS record.
DNS Tab: Where would a customer need to update their Name Server records for a full setup?
At the registrar for the domain
SSL/TLS Tab: Can I use my own SSL certificate with Cloudflare?
Yes. Cloudflare gives you the ability to upload your own certificate by copy/pasting the certificate and private key into the dashboard.
SSL/TLS Tab: What do the Flexible and Full SSL settings mean?
Good: Flexible is used when your origin servers do not have an SSL certificate, while Full is used when your origins DO have an SSL certificate.
Better: Flexible lets customers who have not purchased SSL certificates still offer their visitors HTTPS in the browser (Universal SSL).
Best: Full (Strict) will validate that the certificate at your origin is from a Certificate Authority, has not expired, and contains the hostname for the request coming from the visitor.
SSL/TLS Tab: Can I set the minimum TLS version across my website?
Good: Yes
Better: The minimum TLS version by default is TLS 1.0, with options for TLS 1.1, 1.2, and 1.3 being the minimum accepted version.
SSL/TLS Tab: Benefits of Universal SSL vs Dedicated SSL
Dedicated Certificates combine the benefits of Universal SSL certificates—automated renewal and rapid revocation/reissuance to address nascent crypto vulnerabilities—without having to upload (and manage the renewal of) certificates purchased elsewhere.
Universal SSL Certs are still great for their automated and renewal benefits; they just lack the ability to have a new private key generated exclusively for your domain, and branded prominently with your domain name.
Firewall: Can I block a country completely?
Answer: Yes, on the Enterprise plan you can block any country through the dashboard.
Better: You can also apply a Captcha Challenge or JavaScript Challenge to a country as well.
Best: The JavaScript challenge presents a complex math problem to the browser, which requires JS to be enabled in order to pass the challenge
Firewall: I’m getting hit by some brute force attacks on my login page, do you have anything that helps with that?
Rate Limiting
Firewall: What WAF Packages does Cloudflare have?
Cloudflare has the OWASP Top 10 and our own WAF ruleset (Cloudflare). The Cloudflare ruleset is maintained by our Security Engineers, while the OWASP ruleset is updated every two years.
Better: Every rule is also configurable. You have the option to choose from: Block, Captcha Challenge, Simulate (logging), or Bypass.
Firewall: What are my options for adding my own WAF rules?
Answer: Cloudflare supports custom WAF rules, which the SE/CSUP teams can implement on your behalf.
Better: You can also use Zone Lockdown to restrict parts of your website to certain IP addresses, as well as use User-Agent Blocking to stop known-malicious UA strings.
Best: Using the Filter based firewall to write your own rules!
Firewall: Where can I block an IP address?
IP firewall or Firewall Rules
Firewall: Where is the WAF located?
Firewall > Managed Rules
Firewall: What is Simulate mode?
Simulate: Logs the event and does not block or challenge the visitor (you can still decide to set to a block or challenge after reviewing your logs).
Firewall: What is the difference between Simulate and Log in firewall rules?
TBD
Caching: How long does it take Cloudflare to purge cached items from your network?
Answer: It typically takes less than thirty seconds for a purge to be executed across our network.
Caching: How long can an asset stay in Cloudflare’s cache before it’s removed automatically?
Answer: We follow the cache replacement policy of Least Recently Used (LRU).
Better: When a new item is placed in the cache and there is no more space, the cache discards the least recently used items first in order to ensure there is enough space for the new item.
Caching: Can I purge hundreds of items at once?
Answer: Using Cache-Tags will allow you to purge hundreds or potentially thousands of items at once.
Better: Cache-Tags allow you to bundle similar items (images, css, etc.) or paths into easy to control tags, which you can purge directly from the dashboard. There is also a “purge everything” button to quickly purge the entire cache.
Caching: What files do we cache by default?
Answer: Static files by default
Better: Here is the list of files
CSS, JS, JPEG, PDF are all in there
Best: A page rule can be used to cache everything
Page Rules: What can I do with page rules?
Answer: Here’s a great KB article on it: https://support.cloudflare.com/hc/en-us/articles/218411427-Understanding-and-Configuring-Cloudflare-Page-Rules-Page-Rules-Tutorial-
Page Rules give you the ability to control how Cloudflare works on a URL or subdomain basis. Page Rules allow you to customize Cloudflare’s functionality to match your domain’s unique needs.
You can define a page rule to trigger one or more actions whenever a certain URL pattern is matched.
It is important to understand two basic Page Rules behaviors:
Only the highest priority matching page rule takes effect on a request.
Page rules are prioritized in descending order in the Cloudflare dashboard, with the highest priority rule at the top.
Traffic Tab: Can I route traffic based on the geographic location of a visitor to different datacenters I have, for example route US visitors to US, EU visitors to EU, etc.?
Answer: Yes, Load Balancing has geo-steering to allow you to set up LBs to ensure traffic is routed to the closest origin you define.
Better: Cloudflare divides our data centers into 13 regions, which you can choose when setting up or editing a Load Balancer.