Usuing CloudFlare only for security (without cache)

Due to the bot attack, I need to deploy Cloudflare, but I can’t use the cache now because it will break some of our systems. Do I understand correctly that I should:

  1. Add a domain and change the DNS
  2. Configure the domain in SSL/TLS Full mode
  3. Go to Rules > Pages and there set “Cache Level: Bypass”
  4. Go to Security > WAF > Create rule with “Managed challenge” for all countries from which bots attack us?

Am I right? Especially in the context of how to properly disable the cache for sure.

As far as cache, Step 3 would be to go to Caching → Cache Rules, and add one for Hostname CONTAINS: example.com to Bypass Cache.

That will turn off Cloudflare cache for your entire example.com domain.

Thank you! Can you tell me why my version was bad? Is that “page rule” option for something else?

Page Rules aren’t necessarily bad. Cache Rules are newer and generally easier to configure.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.