Cloudflare DNS: Best Cloudflare Settings

Cloudflare or Cloudflare CDN creates several copies of a website across its vast delivery network.

Based on a visitor’s geographical location, the nearest Cloudflare DNS kicks into action and delivers the website content to the requestor in the fastest possible time.


1. Cloudflare DNS

A DNS server is a fundamental part of any website's configuration. Managing it involves adding, deleting and modifying records.

The Cloudflare DNS management page within the Cloudflare account makes these records easy to work with.

2. Cloudflare Network

The Cloudflare networks page is another important component after the Cloudflare DNS management section.

The network management page plays a crucial role in boosting the performance of your website.

3. DNS Security Extensions (DNSSEC)

DNSSEC-protected zones are cryptographically signed so that the DNS records a resolver obtains can be verified as identical to the DNS records the zone distributed.

  • Enable easy-to-use DNSSEC


4. Automatic HTTPS Rewrites

This helps fix mixed content by changing HTTP to HTTPS for all links and URLs on your website. One just has to enable this from the Cloudflare CDN account.

  • On Automatic HTTPS Rewrites

5. Cloudflare Firewall

The Cloudflare CDN has a long list of options one can activate and configure within its firewall menu.

These mostly relate to the security of your website and can be edited as required.

6. Security Level

The Cloudflare CDN best practice suggests that a website’s security level be adjusted as per individual requirements.

Depending on the security configuration(s), including the Cloudflare DNS, some visitors may receive a challenge page while others may be able to access the website directly.

Adjust your website’s Security Level to determine which visitors will receive a challenge page.

Users can select from different security levels within Cloudflare hosting to challenge and prevent suspicious visitors.

This is also an effective protection against DDoS attacks and mitigates DDoS effects.

To prevent a DDoS attack, it is recommended to start with “medium” as the security level. However, to mitigate an ongoing DDoS effect, one can raise it to “I’m under attack”.

7. Challenge Passage

Once a visitor has passed the challenge page and has landed on the website homepage, the next thing to do is configure a session timeout.

Limiting the time of each session (at least when idle) provides for DDoS attack protection, mitigation of DDoS effects, and helps decrease unnecessary load on the Cloudflare CDN.

The starting session length is 30 minutes. It can be increased as required whenever such scenarios present themselves.

8. Browser Insights

Want to know how quickly your website and its pages load? Just switch on Browser Insights.

  • On Browser Insights

9. Cloudflare Caching

This page includes one of the most wonderful settings. It allows you to manage caching settings for a website on this page’s Configuration tab.

10. Server-side Excludes

Hide specific content on your website from untrustworthy browsers. This can be done automatically via the Cloudflare CDN account login.

  • On Server-side Excludes

11. Privacy Pass Support

Privacy Pass is a browser extension created by the Privacy Pass Team. This extension helps to enhance browsing experience.

Allowing Privacy Pass reduces the number of CAPTCHAs shown to visitors.

  • On Privacy Pass Support

12. TLS 1.3

Experts from the Cloudflare CDN domain highly recommend enabling the latest version of the TLS protocol for improved security and performance. 

TLS 1.3 is the latest, quickest, and safest version of the TLS protocol.

When one configures the TLS 1.3 feature, all incoming and outgoing traffic from a Cloudflare CDN website will be served over the TLS 1.3 protocol when supported by clients.

  • On TLS 1.3

This also helps immensely with DDoS attack prevention, mitigation of DDoS effects and helps Cloudflare CDN performance.


13. Cloudflare SSL/TLS

Most recently, the Cloudflare CDN service revamped its SSL/TLS page. It is now very easy to comprehend the various options available under SSL/TLS encryption mode.

This is yet another security configuration which helps protect Cloudflare DNS along with the Cloudflare ipv6 setting.

14. Auto Minify

Using Auto Minify helps decrease the file size of the source code on a website.

This is an impactful configuration: it decreases the size of the packets that are transmitted, which automatically improves your website's loading speed.

It is recommended to enable this for all three options below.

  • JavaScript
  • CSS
  • HTML

Once this is done, users can see a perceived change which boosts a website’s performance. It also lessens the load on the overall Cloudflare DNS and Cloudflare CDN.

15. Purge Cache

Cloudflare gives users the ability to clear all cached files.

When this is done, it pushes Cloudflare to refresh all data and retrieve the most recent copy of your website files and other data to be stored on the Cloudflare CDN systems. There are two options to choose from:

  • Custom Purge clears specific files only.
  • Purge Everything clears all the files stored as cache.

Caution – This is not a permanent setting. Every time there is a need for data or cache to be purged, this will have to be performed manually.

16. HTTP Strict Transport Security (HSTS)

For enhanced Cloudflare CDN security, it is recommended to turn on the HSTS security configuration. This can be done from the Cloudflare CDN account.

17. SSL/TLS Recommender (Beta)

Experts strongly recommend enabling the SSL/TLS Recommender setting within the Cloudflare CDN account.

With this enabled, you receive emails directly from Cloudflare with their recommended configurations.

  • On SSL/TLS Recommender

Doing so is another way in which Cloudflare security on Cloudflare DNS can be enhanced to avoid DDoS attacks.

18. Opportunistic Encryption

Opportunistic Encryption allows browsers to benefit from the improved performance of HTTP/2 by letting them know that your site is available over an encrypted connection. Browsers will continue to show HTTP in the address bar, not HTTPS.

  • On Opportunistic Encryption

19. Certificate Transparency Monitoring (Beta)

With this setting enabled in the Cloudflare CDN hosting, you receive an email whenever a Certificate Authority issues a certificate for your domain.

  • On Certificate Transparency Monitoring

This Cloudflare CDN module is currently available in beta version. It is being refined to provide more and enhanced protection. However, even in its beta stage, it is pretty useful.
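One way to check a zone against the settings recommended in this article, as an added example (not Cloudflare's or Exabytes' code): it audits the JSON shape returned by the Cloudflare API's zone settings endpoint. The sample response is constructed, and the mapping from each article item to a setting id is an assumption of the example.

```python
# Baseline from the settings recommended in this article. Keys are Cloudflare
# API v4 zone-setting ids; the article-to-id mapping is this example's assumption.
BASELINE = {
    "security_level": "medium",
    "challenge_ttl": 1800,  # Challenge Passage: 30 minutes, in seconds
    "tls_1_3": "on",
    "minify": {"css": "on", "html": "on", "js": "on"},
    "automatic_https_rewrites": "on", "opportunistic_encryption": "on",
    "server_side_exclude": "on", "privacy_pass": "on",
}
LEVELS = ["off", "essentially_off", "low", "medium", "high", "under_attack"]

def audit(response):
    """Return {setting_id: reason} for each setting that misses the baseline."""
    current = {s["id"]: s["value"] for s in response["result"]}
    findings = {}
    for key, want in BASELINE.items():
        have = current.get(key)
        if have is None:
            findings[key] = "missing from response"
        elif key == "security_level":  # anything at or above "medium" passes
            if have not in LEVELS or LEVELS.index(have) < LEVELS.index(want):
                findings[key] = f"{have!r} is below {want!r}"
        elif key == "challenge_ttl":  # the article allows raising it from 30 min
            if have < want:
                findings[key] = f"{have}s is shorter than {want}s"
        elif key == "minify":
            off = sorted(k for k in want if have.get(k) != "on")
            if off:
                findings[key] = "off for " + ", ".join(off)
        elif key == "tls_1_3" and have == "zrt":
            continue  # TLS 1.3 with 0-RTT still counts as enabled
        elif have != want:
            findings[key] = f"{have!r}, expected {want!r}"
    hsts = current.get("security_header", {}).get("strict_transport_security", {})
    if not hsts.get("enabled"):
        findings["security_header"] = "HSTS not enabled"
    return findings

# Constructed sample shaped like a GET /zones/{zone_id}/settings response.
_VALUES = {"automatic_https_rewrites": "on", "challenge_ttl": 1800,
           "minify": {"css": "on", "html": "off", "js": "on"},
           "opportunistic_encryption": "on", "privacy_pass": "on",
           "security_header": {"strict_transport_security": {"enabled": False}},
           "security_level": "low", "server_side_exclude": "on", "tls_1_3": "off"}
SAMPLE = {"success": True, "result": [{"id": k, "value": v} for k, v in _VALUES.items()]}
if __name__ == "__main__":
    print(audit(SAMPLE))
```

Feeding it the saved output of a real settings request gives a quick drift check after someone changes the dashboard by hand.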

For more detailed information about Exabytes and the Cloudflare hosting it offers, please visit the Exabytes Cloudflare page. Sign up today and grow your business online.
