
Example of a Cloudflare configuration for a website

Updated on: 12/09/2023

If you want to protect your website, Cloudflare is an excellent tool and it also has a free plan for its users.

For those who find it a bit complicated to configure Cloudflare since it has numerous options, the following basic configuration might be helpful…


SSL/TLS Recommender: Yes
Always Use HTTPS: Yes
HSTS Status: On; Max-Age: 6 months; Preload: On
Minimum TLS Version: TLS 1.0 (default)
Opportunistic Encryption: No
TLS 1.3: Yes
Automatic HTTPS Rewrites: Yes
Certificate Transparency Monitoring: Yes
Disable Universal SSL: No
Authenticated Origin Pulls: No
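
An added example, not part of the original page: a Python check that parses a Strict-Transport-Security header and audits it against the HSTS settings listed above and against the browser preload list's submission requirements (max-age of at least one year, plus includeSubDomains). The 15552000-second value for "6 months" and the sample header are assumptions constructed for illustration.

```python
import re

# Assumption: the "6 months" setting is emitted as 180 days in seconds.
SIX_MONTHS = 15552000
# hstspreload.org submission minimum: 1 year.
PRELOAD_MIN_AGE = 31536000

def parse_hsts(value):
    """Parse a Strict-Transport-Security value; None if it is malformed."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()      # directive names are case-insensitive
        if name in directives:           # RFC 6797: each directive only once
            return None
        directives[name] = arg.strip().strip('"')
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        return None                      # max-age is required and numeric
    return {
        "max_age": int(directives["max-age"]),
        "include_subdomains": "includesubdomains" in directives,
        "preload": "preload" in directives,
    }

def audit(value):
    """Return a list of findings for one header value (empty list = OK)."""
    hsts = parse_hsts(value)
    if hsts is None:
        return ["invalid header: browsers ignore it"]
    findings = []
    if hsts["max_age"] == 0:
        findings.append("max-age=0 removes the HSTS entry")
    elif hsts["max_age"] < SIX_MONTHS:
        findings.append("max-age shorter than the 6 months configured")
    if hsts["preload"]:
        if hsts["max_age"] < PRELOAD_MIN_AGE:
            findings.append("preload set but max-age is under 1 year")
        if not hsts["include_subdomains"]:
            findings.append("preload set but includeSubDomains is missing")
    return findings

# Constructed sample: a header matching the settings listed above.
SAMPLE = "max-age=15552000; preload"

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Pass it the header value returned by the live site to confirm that the dashboard settings took effect.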


WAF – Firewall rules

Rule 1: Allow

Expression Preview:
(http.request.uri contains "/ads.txt") or (

Rule 2: Managed Challenge

Expression Preview:
(cf.threat_score gt 10 and cf.threat_score lt 40 and not or ( in {"CN"}) or ( in {"RU"}) or ( in {"BY"}) or ( in {"T1"}) or ( in {"BR"}) or ( in {"ID"})

Rule 3: Block

Expression Preview:
(cf.threat_score ge 40) or (http.request.uri.path contains "/xmlrpc.php") or (http.request.uri.path contains "/wp-login.php" and ne "Your own country") or (http.request.uri.path contains "/wp-admin/" and not http.request.uri.path contains "/wp-admin/admin-ajax.php" and not http.request.uri.path contains "/wp-admin/theme-editor.php" and ne "Your own country") or (http.request.uri.path contains "/wp-content/plugins/" and not http.referer contains "" and not or (http.request.uri.path eq "/wp-comments-post.php" and http.request.method eq "POST" and not http.referer contains "")


Bot Fight Mode: ON


Security Level: Medium
Challenge Passage: 1 month
Browser Integrity Check: ON
Privacy Pass Support: ON


Brotli: ON
Optimized Delivery: ON
Rocket Loader: OFF (it is better not to use it, since it can affect advertising programs such as Google AdSense)


Caching Level: Standard
Browser Cache TTL: 4 hours
Crawler Hints: ON
Always Online: ON
Development Mode: OFF
Argo Tiered Cache: ON


Page Rules

URL (required):*
Security Level: High
Cache Level: Bypass
Disable Apps
Disable Performance


Normalization type: Cloudflare
Normalize incoming URLs: ON
Normalize URLs to origin: OFF


HTTP/3 (with QUIC): ON
0-RTT Connection Resumption: ON
IPv6 Compatibility: ON
WebSockets: ON
Onion Routing: ON
Pseudo IPv4: OFF
IP Geolocation: ON
Maximum Upload Size: 100 MB

Scrape Shield:

Email Address Obfuscation: ON
Server-side Excludes: ON
Hotlink Protection: OFF




Robert Radford, M.A., Québec (Canada) © MMXXIII.
All rights reserved.