Using server api with cloudflare mask

I have recently enabled the little orange cloud on my main domain to prevent IP leak. However doing so I’ve encountered that our software that connects via api on our website no longer works. Wanted to know what I can do.


Over which port does that software connect? Do you know if it’s returning an error code?

1 Like

Update! It seemed to be our “under attack” mode enabled that caused this problem. Which is a shame because when we are getting ddosed again we won’t be protected from that. Our next problem is that our emails are sending our server ip in the header.

Emails are annoying that way. If your server is firewalled off so only Cloudflare IP addresses are allowed through, it’s not that big of an issue.

1 Like

Do you mind telling me how I can do this?

Providing you can separate API traffic from other traffic (and that other traffic contains the DDOS stuff) by the URLs used, then you could set a custom security level via a Page Rule to reduce the security level for that whilst still allowing the ‘default’ security level to ‘I’m Under Attack’ (I think). As @sdayman said if all your traffic gets proxied by Cloudflare, you should drop any traffic not form their IP ranges too.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.