Cloudflare able to block a Bot Attack on Webflow hosted website

Has anyone had any experience using a cloudflare security service on a Webflow hosted site to block a bot attack? I want to keep the site hosted on Webflow, is this possible? Thoughts on compatability, effectiveness and cost are much appreciated.

I’ve not used it, but Webflow appears to require that Cloudflare DNS records pointing to it are set to “DNS only”…

Therefore requests go direct to Webflow and don’t pass through your Cloudflare account, so no Cloudflare settings can affect that traffic.

They do say this is due to problems proxied sites create for SSL certificate generation so you may be able to use the proxy between those times, but the proxy will need to be disabled for their SSL certificate to update.

1 Like

They indicate that they make that statement to avoid certificate provisioning and renewal isssues. I helped a Webflow user here in a recent topic whose certificate on the Webflow server expired. Switching the Webflow hostnames to :grey: DNS Only allowed the renewal of the Webflow certificate. The proxy was re-enabled after certificate renewal.

If the certificate is the only reason they discourage proxying, it should be possible to adjust Cloudflare settings to better accommodate ACME HTTP-01 challenges in a manner that avoids having to disable the proxy. This typically can be accomplished by disabling Always Use HTTPS and using a custom redirect to HTTPS that exempts the /.well-known/acme-challenge/ path.

I dont know if Webflow restores visitor IPs or has other reasons for recommending :grey: DNS Only.