Does it make sense from the hosting side to install SSL if the site is connected to CloudFlare?

Does it make sense from the hosting side to install SSL if the site is connected to CloudFlare?

Hi @mail578779,

Yes, you need both the certificate on Cloudflare to secure the part of the connection between the visitor and Cloudflare and the one on your server to secure the part of the connection between Cloudflare and your server.

3 Likes

If I do not have SSL between Cloudflare and my server - what will it mean for my site ?

That it is not secure, as that part of the connection is unencrypted.

1 Like

Will it be unsecure in all 100% cases if SSL between Cloudflare and my server doesn’t exist?

Yes, 100%.

1 Like

If SSL between Cloudflare and my server doesn’t exist - will I see opened lock icon?

No, you won’t.

So if SSL between Cloudflare and my server doesn’t exist - the connection will be unsecure + lock icon will be okay ?

Yeah, it’s basically deceiving the user that the connection is secure, while in fact it’s totally not secure.

1 Like

Your connection will be insecure, everything will be transmitted in plain text in an unencrypted fashion and you will be lying to your visitors and deceiving them.

Long story short, install a certificate on your server.

2 Likes

Will Google notice insecure connection in case If SSL between Cloudflare and my server doesn’t exist + lock icon will be okay ?

Good Lord, what’s the point of this discussion?

Install a certificate and be done with it and don’t lie to your visitors :roll_eyes:

2 Likes

Thanks for all past answers.

Please tell me - does CloudFlare protect my site even mode “Under Attack” is not enable?

Please tell me

We have the gatebot mechanism to alleviate attacks to protect our networks and it is extended to all our customers as part of the prevention. But, L3/L4 or L7 is usually more complex than what the users thought and therefore a fine tuning of firewall is still needed for mitigation efforts.

3 Likes

Who can tune CloudFlare firewall for me to avoid attacks ?

Either you, or an admin you get to do it for you. Someone has to comb through your logs and analyze the traffic you want vs the traffic you don’t want. Me? I’m tired of dealing with attacks from certain countries that don’t need to visit my site, so I cut them off. That’s not viable for other types of sites. My decision.