The activation of Cloudflare may have some implications for your websites/applications. We have therefore collected the most important information for you below. If your question is not included, our customer support will be happy to help you at any time.
Cloudflare imposes an upload limit (HTTP Post request size) depending on your account type:
- 100MB Free and Pro
- 200MB Business
- 500MB Enterprise (an increase of this limit can be requested via the CF customer support)
Cloudflare automatically creates a free wildcard SSL certificate for the main and subdomains.
If you want to use a sub-subdomain such as "sub.site.example.org", you need an additional certificate. For this purpose Cloudflare offers the service "Advanced Certificate Manager", which allows for $10/month, to issue additional certificates.
Please note that these certificates should be active before the site is routed through Cloudflare. Otherwise, your website will not work.
You can read more about certificates in the following Cloudflare articles: https://blog.cloudflare.com/advanced-certificate-manager/ https://developers.cloudflare.com/ssl/edge-certificates/advanced-certificate-manager
Cloudflare’s default connection timeout is 100 seconds. Enterprise customers can increase the "Error 524: timeout" up to 6000 seconds. This can be done via the Cloudflare API or contact our customer support to request the timeout increase. https://api.cloudflare.com/#zone-settings-change-proxy-read-timeout-setting
Content Security Policy
Content Security Policy (CSP) is a policy implemented via HTTP header that is used to prevent certain types of attacks on websites where the sites are modified to include and run malicious foreign resources. If you are using CSP headers, you may need to adapt them to use some Cloudflare features. Consult the following linked documentation from Cloudflare for more information: https://developers.cloudflare.com/fundamentals/get-started/reference/content-security-policies/.
A CNAME setup can be used in cases where you want to use your own DNS server instead of Cloudflare's DNS. However, this function is only available for customers with a Business or Enterprise license.
For a CNAME setup, your DNS server must provide CNAME flattening for the root entry.
A detailed explanation of how this works and can be implemented can be found here: https://support.cloudflare.com/hc/en-us/articles/360020348832-Understanding-a-CNAME-Setup
Since Cloudflare terminates the initial TLS connections, existing Mutual TLS (mTLS) won’t work after putting Cloudflare in front of your application. In this case, the service “Cloudflare Access” is what you’re looking for. For more information and a detailed explanation, please look at the following resources: https://www.cloudflare.com/learning/access-management/what-is-mutual-tls/ https://blog.cloudflare.com/using-your-devices-as-the-key-to-your-apps/
Multiple Domains per Account
You can have multiple domains per account. However, every domain needs a separate license. If you use a second domain mainly for forwarding to your main domain, a free license is sufficient in most cases. But, since we can only manage Business and Enterprise accounts, the customer would have to create and manage a separate account for this on his own.
Maybe you want to automate CF actions or Worker deployments. To do this, you can access the Cloudflare API with a Security Token. Detailed instruction for this can be found in this documentation: https://developers.cloudflare.com/api/tokens/create