I checked the documentation and community description of the title, but I am not sure about the following items.
(1) Can I use Cloudflare DDoS attack protection on L3/L4 layer and also on HTTPS access with Partial(
CNAME) setup domain?
In my research, I found the following statements in the documentation and community.
CNAME) setup - Cloudflare Docs
DDoS protection for attacks against DNS infrastructure is only available for domains on full setup. Domains on the partial setup are not using Cloudflare authoritative nameservers.
Protect only a subdomain from DDoS - Cloudflare Community
If you for some reason cannot delegate the root domain to Cloudflare, the other option you would have, would be by using a Partial setup:
I have the following questions based on the above statements.
Does the statement “DDoS protection for attacks against DNS infrastructure” mean DDoS attack protection in the path to name resolution at the L3/L4 layer?
I can’t find a clear description of DDoS attack protection for HTTPS access to the web server when using
CNAMEsetup.Please let me know about this.
(2) When using the
CNAME setup, will the automatically created Universal SSL certificate be a wildcard for the
CNAME registered subdomain or for the naked domain?
I know that in case of DNS Full setup, the Universal SSL certificate that is automatically created is a wildcard SSL certificate for the naked domain (ex. *.example.com). However, if I register only a subdomain with using Cloudflare
CNAME setup, I would like to know if it is possible to install an SSL certificate for only the subdomain on Cloudflare. If not, please let me know if there is a way to handle this.