WAF Subdomain Visitor IP - recommended plan

user26010 · December 21, 2021, 11:03am

Hello,

I have two websites hosted on 2 different servers, both are using the same root domain but different subdomains.

Let’s say it’s abc.example.com and xyz.example.com

abc.example.com is a public website.
xyz.example.com can only be access from the selected public IPs (it uses whitelisting).

Can I protect only one subdomain abc.example.com with the PRO plan?

If I use Cloudflare, does the visitor IP will appear in my server logs?
I’m worried if I change the nameservers at my domain registrar, my whitelist for xyz.example.com won’t work anymore.

Any advice would be appreciated.
Thanks!

sandro · December 21, 2021, 11:05am

I presume it’s not a sub-domain, but just a hostname, right?

In that case, yeah, you can only proxy that particular hostname through Cloudflare. You’ll need to place the entire domain on Cloudflare, but you can set all other hostnames to , in which case they’ll connect directly.

Not by default. The moment you proxy, connections will come from the proxies and you will need to make sure you rewrite IP addresses on a web server level → https://support.cloudflare.com/hc/en-us/articles/200170786-Restoring-original-visitor-IPs

user26010 · December 21, 2021, 12:53pm

Thanks @sandro

abc.example.com this is A record pointing at server public IP.
xyz.example.com this is CNAME record pointing at Azure Web App.

Can just I simply turn the switch off under the Proxy Status and this will bypass the proxy?

sandro · December 21, 2021, 12:53pm

Absolutely, the cloud icon controls the proxy status and whether that record resolves to the configured address or the proxies.

user26010 · December 21, 2021, 1:08pm

Thanks @sandro

Does the proxy status icon also applies to the status of WAF?
I assume when I switch the proxy on and off, I also enabling and disabling the WAF.

I want to use Cloudflare to protect only abc.example.com but I don’t mind using Cloudflare DNS service for name resolution. Is the PRO plan is suitable?

sandro · December 21, 2021, 1:09pm

More or less. WAF requires proxying, but if you proxy you can still disable WAF.

In your case you should make sure only abc is proxied and all other records are not.

system · December 24, 2021, 1:10pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Proxied Site does not block IP Address Request Security	18	2240	May 3, 2021
How do I block my subdomain with Firewall Security	6	5701	February 2, 2022
General Guidances - New User Getting Started	4	2012	September 20, 2019
Regarding Web Application Firewall Implementation Security	2	2117	June 10, 2021
WAF not working for requests originating from CNAME domains Security	11	2745	April 16, 2022

WAF Subdomain Visitor IP - recommended plan

Related topics