WAF Subdomain Visitor IP - recommended plan


I have two websites hosted on 2 different servers, both are using the same root domain but different subdomains.

Let’s say it’s abc.example.com and xyz.example.com

Can I protect only one subdomain abc.example.com with the PRO plan?

If I use Cloudflare, does the visitor IP will appear in my server logs?
I’m worried if I change the nameservers at my domain registrar, my whitelist for xyz.example.com won’t work anymore.

Any advice would be appreciated.

I presume it’s not a sub-domain, but just a hostname, right?

In that case, yeah, you can only proxy that particular hostname through Cloudflare. You’ll need to place the entire domain on Cloudflare, but you can set all other hostnames to :grey:, in which case they’ll connect directly.

Not by default. The moment you proxy, connections will come from the proxies and you will need to make sure you rewrite IP addresses on a web server level → https://support.cloudflare.com/hc/en-us/articles/200170786-Restoring-original-visitor-IPs

Thanks @sandro

abc.example.com this is A record pointing at server public IP.
xyz.example.com this is CNAME record pointing at Azure Web App.

Can just I simply turn the switch off under the Proxy Status and this will bypass the proxy?

Absolutely, the cloud icon controls the proxy status and whether that record resolves to the configured address or the proxies.

Thanks @sandro

Does the proxy status icon also applies to the status of WAF?
I assume when I switch the proxy on and off, I also enabling and disabling the WAF.

I want to use Cloudflare to protect only abc.example.com but I don’t mind using Cloudflare DNS service for name resolution. Is the PRO plan is suitable?

More or less. WAF requires proxying, but if you proxy you can still disable WAF.

In your case you should make sure only abc is proxied and all other records are not.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.