Does free plan have “any” firewall? I ask, because when we activate the free plan then run a site scan at Sucuri, it says we DO have a firewall and shows “Cloudflare” as where it is.
Yes it has. You have five firewall rules free, use them wisely. Plus that you can use IP access rules. Both aren’t configured by default.
I don’t know what they are scanning.
Hmm… so unless we go in and configure them, they’re not doing anything?
Exactly. The only thing Cloudflare does is block traffic to all ports except these:
Eh… not “exactly”. We do have a couple of default rules that apply to all zones to block exploits which could be potentially disastrous to a large number of our customers for “free” even though technically they haven’t subscribed to a plan which would normally cover it.
I also suppose it depends on how one defines Firewall. But if you want what is generally considered to be a Web Application Firewall that is available only on a Pro, Business or Enterprise plan.
Well, that is a new thing I discover. Good to know!
So what should I do at the minimum with the free plan? Is there a guide somewhere as to what basic settings to use? I’ve always felt secure with the free plan, but am now wondering.
It really depends on what is behind the domain, but most things that can be done are in the WAF package, on Pro plans and above. The Free plan can do little more than block IP and match UA/ASNs etc.
You should familiarize yourself with Firewall Rules, they are pretty powerful:
Also, admin areas can be protected by Access (free for up to 5 users each month)
[quote=“MarkMeyer, post:2, topic:76585”]
Plus that you can use IP access rules.
and User Agent Blocking
Oh yes, I forgot. I never used it for some reason.