Cloudflare — DNS, CDN & Security

What Cloudflare Does

Cloudflare sits between the internet and your servers. Its 300+ global edge locations serve cached content locally, block attacks before they reach you, and accelerate everything else. Free tier covers most of what a developer needs.

• DNS — authoritative nameserver (fast, 100% uptime SLA)
• CDN — cache and serve your assets from the edge nearest each user
• SSL/TLS — free certificates, automatic HTTPS
• WAF — blocks SQLi, XSS, bot traffic
• DDoS protection — absorbs attacks at scale (unmetered on all plans)

Setup

1. Add your site at cloudflare.com → choose Free plan
2. Cloudflare scans your existing DNS records
3. Update nameservers at your registrar to Cloudflare's NS
4. Wait 5–60 minutes for propagation
5. Verify: dig NS yourapp.com should show Cloudflare NS

SSL/TLS Configuration

Always use Full (Strict) mode — encrypts both Cloudflare↔User and Cloudflare↔Origin.

Enable these in SSL/TLS settings:

• Always Use HTTPS — redirect all HTTP to HTTPS
• HSTS — browsers always use HTTPS (enable after confirming HTTPS works)
• Automatic HTTPS Rewrites — fixes mixed content warnings
• Minimum TLS 1.2

Caching Rules

# Cloudflare: Caching → Cache Rules

Rule 1: Cache static assets aggressively
Match: file extension is .css, .js, .png, .jpg, .svg, .woff2
Action: Cache eligible, Edge TTL: 1 year, Browser TTL: 1 year

Rule 2: Never cache API responses
Match: URI path starts with /api/
Action: Bypass cache

Rule 3: Cache HTML for 1 hour
Match: everything else
Action: Edge TTL: 1 hour

WAF Rate Limiting

# Security → WAF → Rate Limiting Rules

Rule: Block aggressive scrapers
Match: all requests
Rate: 100 requests per 1 minute
Action: Block for 1 hour

Rule: Challenge suspicious traffic (score > 30)
# Cloudflare assigns threat scores based on IP reputation
Action: JS Challenge (not a full block — just a proof-of-work)