new to Cloudflare(Pro Plan) and I would like to ask a few questions just to make sure I am in the right track. I have already updated the NameServers and now all the traffic goes through Cloudflare.
My questions are:
Let’s say that have a domain example.com, which is proxied. I have a subdomain hello.example.com, which is also proxied. Does this mean that every traffic that is proxied, goes through Cloudflare?
I have enabled WAF in my account, this means that all the websites that are proxied are protected from Cloudflare WAF?
If i understand correctly Rate Limiting offers additional security to my proxied websites. Do you recommend to enable this feature or for now leave it off?
From now on, all my proxied websites are protected from Cloudflare? For my main website is in Wordpress, while my web app is written in PHP & JavaScript. Am i protected from DDoS and various other threats?
If you are not sure that you need it, you probably dont. Also, it is a paid feature.
Yes and no. You are definitely protected from any non level-7 DDoS attacks. As for attacks on an HTTP level, Cloudflare will still attempt to block these as well, but it might require additional tweaking from your side (security level, IP access rules, firewall rules, rate limiting, etc.).
Is hello actually a domain or just a hostname? Anyhow, assuming example.com is the domain on which you have activated WAF, it will apply to all proxied hosts.