Firewall clash

Hi there.

Just wondered: if we switch to Cloudflare, would we typically disable all our current firewall rules and just let Cloudflare do everything? Or would we keep them in place? Would there be any performance issues or any clashes if we kept both in parallel? What’s standard practice?

Thanks, Jon

You should keep all your firewall rules in place for non-HTTP traffic since Cloudflare won’t be proxying that (unless you use Cloudflare Spectrum) and you need to keep protecting your server the same as before.

If your DNS records are proxied and all HTTP traffic comes via Cloudflare, then you allow only HTTP/HTTPS ports on your firewall to be reached by Cloudflare IP addresses and block everything else so people can’t bypass rules you set on Cloudflare by going direct to your server.

If your DNS records are not proxied you will need to leave HTTP/HTTPS ports publicly available.
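One way to implement the origin lock-down described in the answer above, as an added example that is not part of the original thread: a shell function that turns a list of Cloudflare ranges into an nftables table restricting ports 80/443 to those sources and leaving every other port to your existing rules. It assumes nftables on the origin; the table name `cf_origin` and the helper names are hypothetical, and the sample ranges are an abridged subset of the list Cloudflare publishes at https://www.cloudflare.com/ips/, so feed it the full current list in practice.

```shell
#!/bin/sh
# Added example: read CIDR ranges on stdin (one per line, '#' comments allowed)
# and print an nftables table that lets only those ranges reach ports 80/443.
cf_origin_ruleset() {
    v4="" v6=""
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d ' \t\r')
        case "$line" in ''|'#'*) continue ;; esac
        # Accept only strings shaped like a CIDR so nothing else lands in the ruleset.
        if printf '%s\n' "$line" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$'; then
            v4="${v4:+$v4, }$line"
        elif printf '%s\n' "$line" | grep -Eq '^[0-9A-Fa-f]*:[0-9A-Fa-f:]*/[0-9]{1,3}$'; then
            v6="${v6:+$v6, }$line"
        else
            echo "rejecting malformed range: $line" >&2
            return 1
        fi
    done
    # An empty allow-list would cut off all web traffic; refuse to emit it.
    [ -n "$v4" ] && [ -n "$v6" ] || { echo "need IPv4 and IPv6 ranges" >&2; return 1; }
    # The chain policy is accept: this table only decides 80/443, so the
    # firewall rules you already have for non-HTTP traffic stay in charge there.
    cat <<EOF
table inet cf_origin {
    set cf_v4 { type ipv4_addr; flags interval; elements = { $v4 } }
    set cf_v6 { type ipv6_addr; flags interval; elements = { $v6 } }
    chain input {
        type filter hook input priority 0; policy accept;
        tcp dport { 80, 443 } ip saddr @cf_v4 accept
        tcp dport { 80, 443 } ip6 saddr @cf_v6 accept
        tcp dport { 80, 443 } drop
    }
}
EOF
}

# Sample input, abridged; replace with the full published list.
sample_ranges() {
    printf '%s\n' '# abridged sample' 173.245.48.0/20 103.21.244.0/22 \
        2400:cb00::/32 2606:4700::/32
}

sample_ranges | cf_origin_ruleset
```

Save the output to a file and load it with `nft -f` once you have checked it against the current published list; regenerate it whenever that list changes.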


