Does free plan have "any" firewall?

Does free plan have “any” firewall? I ask, because when we activate the free plan then run a site scan at Sucuri, it says we DO have a firewall and shows “Cloudflare” as where it is.

Yes it has. You have five firewall rules free, use them wisely. Plus that you can use IP access rules. Both aren’t configured by default.

I don’t know what they are scanning.


Hmm… so unless we go in and configure them, they’re not doing anything?

Exactly. The only thing Cloudflare does is block traffic to all ports except these:

1 Like

Eh… not “exactly”. :slight_smile: We do have a couple of default rules that apply to all zones to block exploits which could be potentially disastrous to a large number of our customers for “free” even though technically they haven’t subscribed to a plan which would normally cover it.

I also suppose it depends on how one defines Firewall. But if you want what is generally considered to be a Web Application Firewall that is available only on a Pro, Business or Enterprise plan.


Well, that is a new thing I discover. Good to know!


So what should I do at the minimum with the free plan? Is there a guide somewhere as to what basic settings to use? I’ve always felt secure with the free plan, but am now wondering.

It really depends on what is behind the domain, but most things that can be done are in the WAF package, on Pro plans and above. The Free plan can do little more than block IP and match UA/ASNs etc.

That’s probably why I saw a waf block for the first time in my Firewall Events a couple days ago

1 Like

You should familiarize yourself with Firewall Rules, they are pretty powerful:

Also, admin areas can be protected by Access (free for up to 5 users each month)

1 Like

[quote=“MarkMeyer, post:2, topic:76585”]
Plus that you can use IP access rules.

and User Agent Blocking :slight_smile:

1 Like

Oh yes, I forgot. I never used it for some reason. :thinking:

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.