Cloudflare WAF feasability test on subdomain

edit: replaced “.” with “_” on the example domains below as the forum software is telling me my post contains too many links.

Hi,

My org is planning to move some sites from AWS to be hosted on premises.
The AWS sites are using Amazon WAF.

I’d like to do a feasibility test of Cloudflare WAF to replace Amazon WAF when the sites move on premise site to show the performance is viable, before we commit to this solution.
I’d like to use subdomain cftest_mydomain_com to run Cloudflare WAF enabled versions of sites e.g. site1_cftest_mydomain_com as the Cloudflare WAF enabled test site to test site1_mydomain_com etc

site1_mydomain_com etc need to stay with AWS WAF while we test viability (so we don’t want to touch any route53 DNS config) - is there a way to do this just adding cftest_mydomain_org NS records or similar?

When I go to add site1.cftest_mydomain_com or cftest_mydomain_com in Cloudflare it tells me “Please ensure you are providing the root domain and not any subdomains”

I could register a separate new test domain for this, but I’d rather do it with a subdomain of our main domain if possible as this would look more legit than site1_sketchylookingtestversionofmydomain_org

You need Business subscription from Cloudflare to be able to enable partial DNS setup at Cloudflare. With partial DNS setup you can point with CNAME DNS records your test subdomains to Cloudflare and keep rest of the domain out of Cloudflare platform.

1 Like

Alternatively you can use Pro plan by migrating domains to Cloudflare DNS and disable proxy on all addresses except the test subdomains. DNS migration comes with a risk, so make sure you copy DNS zones exactly from current DNS provider to Cloudflare DNS. If you decide not to enable Cloudflare WAF in production you can keep Cloudflare DNS servers with the free plan.

1 Like

On further consideration I will proceed registering a separate test domain like mydomain.obscuretld to do these tests for full isolation of the test environment, and so I can learn the features of the products without risk to the main domains.

This topic was automatically closed after 31 days. New replies are no longer allowed.