Cloudflare is a cloud service built on a network of servers located around the world. It helps improve speed, security and privacy for customer sites connected to the platform.
Cloudflare covers more than 100 countries, and more than 11,000 networks, including hosting providers and large enterprises, have direct connections to the platform.
Webmasters often use it, especially since the service has a free plan, which is quite enough for basic needs. Today we will talk about how Cloudflare works, what the main tools on this platform are, and how to connect a site to Cloudflare.
The main capabilities that make Cloudflare so popular are protection against DDoS attacks and increasing site speed through content caching.
The very fact of connecting the site to the Cloudflare network already provides a certain level of protection against DDoS. Attackers do not see the IP address of the site, so they are forced to attack it through the service itself. Cloudflare, in turn, filters requests so that only safe traffic reaches the site.
The platform has 250 data centers around the globe that are used for cyber security.
In addition, you can use a whole list of tools to protect your site, which you can connect and configure manually.
Register in the system using the Sign Up button.
Enter the domain of the site you plan to connect in the special field and click the Add site button.
Choose the plan that suits you best. Most webmasters use the FREE package, because it is quite enough to protect and speed up the site. But if you need additional features, you can purchase one of the paid plans.
Next, the system will start looking for DNS records for your domain. Usually they are all found, but if any are missing you can add them manually. Next to each entry you can see its proxy status. All entries for which this is possible should have the Proxied status. If all entries are found automatically, just click Continue.
Copy the suggested NS servers and set them as the name servers for the domain. This must be done in the control panel on the website of your domain name registrar.
If you registered a domain in Cityhost, you need to go to the "Domains" tab, click the domain management icon (gear), then click the edit icon opposite the "NS servers" line. Enter the copied server addresses in the "New NS Servers" fields and save the changes.
If you did everything correctly, the domain information in your account will show NS servers with an address that contains the word "cloudflare".
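The two checks from the steps above (proxy status and NS delegation) can be scripted. This is an added example, not code from the original article or from Cloudflare; it assumes records shaped like the Cloudflare API's DNS record objects (`type`, `name`, `content`, `proxied`, `proxiable`), and every domain, address and name server in the sample is constructed.

```python
import re

# Constructed sample zone (documentation addresses, made-up names).
SAMPLE_RECORDS = [
    {"type": "A", "name": "example.com", "content": "203.0.113.10", "proxied": True, "proxiable": True},
    {"type": "A", "name": "new.example.com", "content": "203.0.113.10", "proxied": False, "proxiable": True},
    {"type": "MX", "name": "example.com", "content": "mail.example.net", "proxied": False, "proxiable": False},
    {"type": "TXT", "name": "example.com", "content": "v=spf1 ip4:203.0.113.10 -all", "proxied": False, "proxiable": False},
]

IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")  # IPv4 only; AAAA content is not scanned


def dns_only(records):
    """Records that could be proxied but are published DNS-only."""
    return [(r["type"], r["name"]) for r in records if r["proxiable"] and not r["proxied"]]


def origin_exposures(records):
    """Unproxied records that publish an IPv4 address a proxied A record is hiding."""
    hidden = {r["content"] for r in records if r["proxied"] and r["type"] == "A"}
    hits = []
    for r in records:
        if r["proxied"]:
            continue
        leaked = hidden & set(IPV4.findall(r["content"]))
        if leaked:
            hits.append((r["type"], r["name"], sorted(leaked)))
    return hits


def delegated_to_cloudflare(nameservers):
    """True only if every NS sits under ns.cloudflare.com.

    Assumption: the standard assigned name servers are used (not paid custom
    ones). A suffix match is stricter than looking for the word "cloudflare",
    which would also accept a look-alike such as ns1.cloudflare.attacker.example.
    """
    names = [ns.rstrip(".").lower() for ns in nameservers]
    return bool(names) and all(n.endswith(".ns.cloudflare.com") for n in names)


if __name__ == "__main__":
    print(dns_only(SAMPLE_RECORDS))
    print(origin_exposures(SAMPLE_RECORDS))
    print(delegated_to_cloudflare(["ada.ns.cloudflare.com", "bob.ns.cloudflare.com."]))
```

Any hit from `origin_exposures` means the address that the Proxied records are meant to hide can still be read from public DNS.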
The service is constantly expanding and offers new tools. For example, Cloudflare already has a platform for streaming video and photo stocks, its own captcha called Turnstile, high-performance R2 storage and much more.
We will not describe all the functions individually, especially since each section is accompanied by documentation with detailed explanations (the service is provided in English, but the pages can easily be translated with Google Chrome's built-in translator). We will introduce you only to the basic tools for working with the site, which you can find in the Websites tab.
In addition, Overview has options to quickly clear the cache and enable the Under Attack mode. If your site is attacked, activate this mode and the system will check and screen all incoming requests in more detail until the attack is over.
In the Analytics section, you can analyze traffic, monitor threats, analyze performance and request sources.
Connecting DNS servers from Cloudflare allows you to secure the DNS system from attacks, interception and falsification of records, which is important for the security of sites and their users. In this section, you can check and add DNS records, as well as create custom name servers (for a fee).
How do I add a DNS record to Cloudflare? Let's take a look at the example of the new.blue-sky.pp.ua subdomain.
Select the record type: A for a server with an IPv4 address or AAAA for IPv6, if you are simply adding an address to the records. In the Name field, enter the name of the subdomain without the main address: in our example, it is new. If you add an entry for the entire domain, you need to enter the @ symbol. In the IPv4 address (or IPv6 address) field, enter the IP address of your hosting server, which can be found in the hosting control panel.
After saving the changes, it may take some time for the DNS records to update.
Here you can also configure SPF, DKIM and DMARC and prohibit the sending of e-mails for mailboxes intended only for receiving mail. This action will prevent spam if the box is hacked.
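What "sending prohibited" looks like in DNS, as an added example that is not from the original article: the checker below takes a domain's TXT records and reports what is missing for a receive-only domain. It assumes the commonly used null records (SPF `v=spf1 -all`, DMARC `p=reject`, a wildcard DKIM record with an empty key); the sample records are constructed.

```python
# Constructed sample: TXT records of a domain that receives mail but never sends it.
LOCKED_TXT = {
    "example.com": ["v=spf1 -all"],
    "_dmarc.example.com": ["v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s"],
    "*._domainkey.example.com": ["v=DKIM1; p="],
}
# Constructed sample: a domain that still authorizes senders and only monitors.
WEAK_TXT = {
    "example.com": ["v=spf1 include:_spf.example.net ~all"],
    "_dmarc.example.com": ["v=DMARC1; p=none"],
}


def tags(record):
    """Parse the 'k=v; k=v' tag list used by DMARC and DKIM records."""
    out = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            out[key.strip().lower()] = value.strip()
    return out


def no_send_findings(domain, txt):
    """Return a list of problems; an empty list means sending is fully prohibited."""
    findings = []
    spf = [r for r in txt.get(domain, []) if r.lower().startswith("v=spf1")]
    if len(spf) != 1:
        findings.append("SPF: expected exactly one v=spf1 record")
    elif spf[0].lower().split() != ["v=spf1", "-all"]:
        findings.append("SPF: record authorizes senders or lacks a hard-fail -all")
    dmarc = [tags(r) for r in txt.get("_dmarc." + domain, []) if r.lower().startswith("v=dmarc1")]
    if len(dmarc) != 1:
        findings.append("DMARC: expected exactly one v=DMARC1 record")
    elif dmarc[0].get("p", "").lower() != "reject":
        findings.append("DMARC: policy is not p=reject")
    dkim = [tags(r) for r in txt.get("*._domainkey." + domain, [])]
    if not any(t.get("v") == "DKIM1" and t.get("p") == "" for t in dkim):
        findings.append("DKIM: no wildcard record with an empty (revoked) key")
    return findings


if __name__ == "__main__":
    print(no_send_findings("example.com", LOCKED_TXT))
    print(no_send_findings("example.com", WEAK_TXT))
```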
Email routing is available on Cloudflare. With the help of this option, in particular, you can create many new e-mail boxes on the domain and redirect letters from them to work addresses. This allows you to hide the real mailbox and protect it from hacking attempts.
To enable routing, you need to enter a new name for the mailbox you want to create in the "Custom address" field and the work mail address to which you plan to send letters in the "Destination address" field. You will then receive a mail verification email for redirection. Verification occurs only once, after which you can add any number of addresses to this box.
Another useful feature is mail security. This feature helps protect mail from hacking attempts and phishing attacks. To work with it, you need to send a request to use the trial version.
Cloudflare provides free and paid protection based on the SSL/TLS encryption protocols, which create a secure connection between the client's browser and the server. This is not only an opportunity to purchase standard SSL certificates, but also HTTP Strict Transport Security (HSTS), use of HTTP/2, creation of origin certificates and many other useful options.
After connecting the site to Cloudflare, the user immediately receives a basic free SSL certificate; everything else needs to be configured manually.
This section contains protection tools for the site:
WAF is a web application firewall that helps filter incoming traffic based on location, IP addresses, user agents, and more.
Page Shield — monitors the status of embedded third-party code (external scripts and libraries) on the site's pages and notifies about the appearance of new or malicious scripts. Available only on paid packages.
Bots — bot fight mode, in which the system finds and reduces automated traffic, thereby reducing the harmful load on the client's site.
DDoS is an automated system that protects a website from attacks at several levels: HTTP, SSL/TLS, and the network level.
After updating the content on the site, the information changes on the servers after some time (depending on the settings). Therefore, for the correct operation of the service, immediately after updating the site, you need to clear the cache. This is done in the Caching => Configuration section, where you can also configure caching: set the lifetime of the cache, choose which part of static content you want to cache, enable multi-level caching or temporarily disable this mode altogether.
There's also a nice "Always Online" feature: if the server is temporarily unavailable, visitors will still be able to see a limited version of the pages stored in the Wayback Machine.
Cloudflare has a store of apps that you can add to your site to improve user experience and web performance. Among them are such interesting tools as:
Countdown plugin to a certain event;
AdBlock Minus (eliminates blocking of advertisements);
Security programs, etc.
You can partially disable Cloudflare for a site or completely remove the site from the service's servers. All functions described below are available in the Overview tab.
Enable "Development Mode". It temporarily disables caching and is needed so that the content is immediately displayed in users' browsers when the site is updated.
Pause Cloudflare on Site - site traffic stops passing through the servers, its real IP address becomes visible, and protection is removed. You actually disable the service, but you do not remove the site from the platform's NS servers.
Remove Site from Cloudflare - complete deletion of all site data from the platform's NS servers and cancellation of all subscriptions. In this case, you will need to set up-to-date NS servers again on the domain name registrar's website.