Configuring Cloudflare
You will know in 5 minutes:
- All Cloudflare specific you have to know and features may be useful to you.
Cloudflare advantages
- DNS hosting / manager without charge.
Cloudflare disadvantages
- Will vary your website content in some way (see below).
- Domain name used in DNS manager's resource records instead of well-known '@' symbol.
Recommended settings for the all of your domains
Caching -> Configuration -> Always Online -> turn ONAlways Online helps your site to stay online if your server goes down.
Apparently will work for the websites with the static content.
SSL/TLS -> Edge Certificates (tab) -> Automatic HTTPS Rewrites -> turn OFFAutomatic HTTPS Rewrites helps you in unpredictable way (for you).
It vary your content even more than just e-mail rewriting (see below).
Suggestions:
- It is better to fix all mixed content problems by yourself.
SSL/TLS -> Edge Certificates (tab) -> Always Use HTTPS -> turn OFFIt is better to control rewrites by yourself, but you can turn it on if you prefer.
Scrape Shield -> Email Address Obfuscation -> turn OFFMay brake HTML code.
Scrape Shield -> Hotlink Protection -> turn OFF (default)Possibly you want to disable it, or enable.
What port will be used on your side (side of your server) for the web / WWW traffic
By default CF use port 80 and HTTP protocol (flexible mode).
If you want to change it to 443 and HTTPS protocol (full mode):
If you want to change it to 443 and HTTPS protocol (full mode):
SSL/TLS -> Overview (tab) -> Automatic HTTPS Rewrites -> select FullTo revert it back to port 80 and HTTP protocol - select Flexible.
Suggestions:
- Please remove all unconditional redirects (like 302, 301, 307 etc) from HTTP to HTTPS on your (server) side to avoid infinite redirect loop to HTTPS.
You can use server's rewrite rules to distinguish CF visit from the direct visit and redirect user accordingly.
Other specific
- Cloudflare protects e-mail's defined on site - this will vary your content.
- Your support tickets will be avail on https://support.cloudflare.com/hc/en-us/requests .
helpful PHP code for the Cloudflare users
$global_remote_addr = ''; if (!empty($_SERVER['REMOTE_ADDR'])) $global_remote_addr = $_SERVER['REMOTE_ADDR']; if (!empty($_SERVER['HTTP_CF_CONNECTING_IP'])) $global_remote_addr = $_SERVER['HTTP_CF_CONNECTING_IP']; //cloudflare //$_SERVER['REMOTE_ADDR'] = $global_remote_addr; //for backward copability, it is not good to do so.
$global_canonical_scheme = 'http'; if (!empty($_SERVER['HTTPS'])) $global_canonical_scheme = 'https'; //cloudflare $cf_visitor = array(); if (!empty($_SERVER['HTTP_CF_VISITOR'])) { $cf_visitor = json_decode($_SERVER['HTTP_CF_VISITOR'], true); } if (!empty($_SERVER['HTTP_X_FORWARDED_PROTOCOL'])) { if ($_SERVER['HTTP_X_FORWARDED_PROTOCOL'] == 'https') { $global_canonical_scheme = 'https'; } } if (!empty($cf_visitor['scheme'])) { if ($cf_visitor['scheme'] == 'https') $global_canonical_scheme = 'https'; }
helpful mod_rewrite (Apache) code for the Cloudflare users
<IfModule mod_rewrite.c> #Avoid to use IfModule condition for the website critical conditions below RewriteEngine on RewriteCond %{HTTPS} =on RewriteRule ^(.*)$ - [env=proto:https] RewriteCond %{HTTPS} !=on RewriteRule ^(.*)$ - [env=proto:http] RewriteCond %{HTTP:CF-Visitor} '"scheme":"http"' RewriteRule ^(.*)$ - [env=proto:http] RewriteCond %{HTTP:CF-Visitor} '"scheme":"https"' RewriteRule ^(.*)$ - [env=proto:https] RewriteCond %{HTTP_HOST} ^(www\.)([^.]*)\.([^.]*)$ [NC] #RewriteRule (.*) %{ENV:proto}://%2.%3/$1 [L,R=301] RewriteRule (.*) https://%2.%3/$1 [L,R=301] <IfModule>
Cloudflare HTTP headers example
HTTP_CF_CONNECTING_IP = 11.22.33.44 HTTP_CF_IPCOUNTRY = US HTTP_CF_RAY = 44de3e26b68196e8-FRA HTTP_CF_VISITOR = {"scheme":"http"} HTTP_CONNECTION = Keep-Alive HTTP_HOST = mydomain.com HTTP_USER_AGENT = curl/7.43.0 HTTP_X_FORWARDED_FOR = 11.22.33.44 HTTP_X_FORWARDED_PROTO = http