Cloudflare Integration

Cloudflare can improve caching, DNS management, TLS flexibility, and edge protection, but it changes how traffic reaches your server. That affects IP logging, firewall rules, and SSL decisions.

DNS Setup

Add Domain to Cloudflare

Add the zone in Cloudflare and review imported DNS records before changing anything public.

Change Nameservers

After Cloudflare assigns nameservers, update them at your registrar. Traffic only begins flowing through Cloudflare once delegation is complete.

DNS Records (A / CNAME)

Point records to your origin server with A or CNAME entries. Keep mail and other non-web services unproxied unless explicitly supported.

Proxy Configuration

Orange Cloud Proxy

The orange cloud means Cloudflare proxies requests for that record instead of acting as DNS-only.

Real Visitor IP

Without real IP restoration, OpenLiteSpeed will log Cloudflare edge IPs instead of the client. Configure trusted proxy handling so application logs, bans, and analytics reflect real visitors.

Cloudflare IP Whitelist

If you firewall the origin tightly, allow Cloudflare IP ranges so proxied requests can reach OpenLiteSpeed.
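
The trusted-proxy rule behind both the real-IP and whitelist items above, as an added example (not OpenLiteSpeed or Cloudflare code): the CF-Connecting-IP header is believed only when the connection comes from a Cloudflare range. The function names are hypothetical, and the range list is a constructed subset of Cloudflare's published IPv4 ranges.

```python
import ipaddress

# Constructed snapshot: a subset of Cloudflare's published IPv4 ranges.
# Assumption: production loads the full current list (IPv4 and IPv6) from
# https://www.cloudflare.com/ips/ and refreshes it on a schedule.
TRUSTED_PROXY_RANGES = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "104.16.0.0/13", "172.64.0.0/13",
)]


def is_trusted_proxy(peer):
    """True if the TCP peer address is inside a trusted proxy range."""
    addr = ipaddress.ip_address(peer)
    return any(addr in net for net in TRUSTED_PROXY_RANGES)


def resolve_client_ip(peer, headers):
    """Return (client_ip, source) to log for one request.

    CF-Connecting-IP is honoured only when the connection itself arrives
    from a trusted proxy; from any other peer the header is discarded.
    """
    lowered = {k.lower(): v.strip() for k, v in headers.items()}
    claimed = lowered.get("cf-connecting-ip")
    if not is_trusted_proxy(peer):
        return peer, "header-ignored" if claimed else "direct"
    try:
        return str(ipaddress.ip_address(claimed or "")), "header"
    except ValueError:
        return peer, "header-invalid"  # missing or malformed: keep edge IP


# Constructed sample requests: (peer address, request headers).
SAMPLES = [
    ("104.16.1.10", {"CF-Connecting-IP": "203.0.113.7"}),
    ("198.51.100.20", {"CF-Connecting-IP": "203.0.113.7"}),
    ("172.64.0.5", {"cf-connecting-ip": "not-an-ip"}),
    ("198.51.100.20", {}),
]

if __name__ == "__main__":
    for peer, headers in SAMPLES:
        ip, source = resolve_client_ip(peer, headers)
        print(f"peer={peer:<15} logged={ip:<15} source={source}")
```

A "header-ignored" result on a live origin means a request carrying the header reached the server without passing through Cloudflare, which is worth checking against the origin firewall rules.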

SSL Modes

Flexible

Flexible encrypts between browser and Cloudflare but not between Cloudflare and origin. Avoid this for serious production use.

Full

Full encrypts both legs (browser to Cloudflare and Cloudflare to origin), but the origin certificate does not need full validation.

Full (Strict)

Full (Strict) is the best normal target. Cloudflare validates the certificate the origin presents, either its certificate chain or an origin certificate, according to its trust rules.

Security Features

WAF

Cloudflare WAF blocks common attacks before they reach your origin.

Bot Protection

Bot controls help reduce scraping, credential stuffing, and other automated abuse.

Rate Limiting

Use Cloudflare rate limiting at the edge for login paths, XML-RPC, APIs, and any path vulnerable to request floods.

Integration Checklist

  • DNS resolves through Cloudflare as expected
  • Origin firewall allows Cloudflare proxy ranges
  • Real client IP is restored in server logs
  • SSL mode matches origin certificate setup
  • Edge rules do not conflict with application behavior