Hello! I’m working with a client that wants to use Cloudflare security in front of Netlify, the IT guy from my client business has come back with an alternative to DNS only based on this article.
Essentially, the author of the article presents a problem he had from a DoS/DDoS attack that crashed his site and he was able to fix it by implementing the proxy again after configuring Cloudflare to turn off the “Always use HTTPS” for the Netlify proxy.
I’m running this by you all to see if I’ve missed anything. It seems a viable option to allow them to use Cloudflare security configurations. What do you think?
I think as long as the “IT person” from your clients business understands the pitfalls of the rules based proxy setup (here) and configures the rules correctly, it’s a viable option if the customer takes on the responsibility. A lot of network people understand these configurations better than most us devs.
I personally as a consultant wouldn’t support the setup, because it’s hard to debug proxy setups. As Netlify states in the aforementioned link, they can’t debug something they can’t see. If they are trying to stop attacks at the api level, maybe the api’s should be the only thing proxied. Not even sure how this setup would affect the edge configuration.
There really is no right answer here. Trade-offs all around.
