Perform the following steps to configure a domain in Cloudflare:
Log in to ISPmanager as the User.
Check that the domain is connected to Cloudflare. For more information please refer to the article Connecting a domain to Cloudflare.
Go to Sites → … → Cloudflare → Settings. In the form that opens the domain settings from Cloudflare are loaded.
Select a Security level. It determines which users are considered suspicious:
Off -user verification is disabled;
Under attack — is a security level that should be used only if the website is under DDoS attack;
High — all users who have shown suspicious behavior in the last 14 days are checked.;
Medium — only users who pose a dangerous or moderate threat are checked;
Low — only users who pose a very dangerous threat are checked;
Essentially off — only users who pose a critical threat are checked.
Specify the Access time (sec.) to the protected website for users with bad IP reputation who have passed verification. When that period is over, the visitor will have to pass the verification again.
To reduce the size of cached site files, select the file formats in which unnecessary characters will be deleted in the Minify field.
To set up a secure connection for a site, select the type of SSL certificate for the domain:
Off — the site is unavailable over the secure HTTPS protocol. Redirection from HTTPS to HTTP is enabled;
Self-signed —the server with the website supports HTTPS, but the installed certificate does not match the domain or is self-signed;
Flexible — visitors can access the site via HTTPS, but requests to the server with the website will be sent via HTTP protocol;
Existing — a certificate is installed on the server with the website, valid and signed by a trusted certification authority or Cloudflare certification authority. Cloudflare will provide HTTPS access and verify the certificate with each request.
To force a secure connection when trying to open a site over an unprotected connection:
Select the checkbox Automatic HTTPS rewrites;
Enable HSTS option. This redirection is triggered only if the user's browser has already connected to the site via a secure connection and has remembered it;
Specify the Time (sec.) during which HSTS is cached and enforced by the web browser;
Enable subdomains — applies HSTS policy to subdomains;
No sniff — add the “X-Content-Type-Options: nosniff” option to the header. It prevents browsers (Internet Explorer и Google Chrome) from doing MIME-type sniffing.
To upload changes to the domain zone resource records made in ISPmanager to Cloudflare, enable the Upload DNS records option.
Mobile redirect — this service will automatically redirect mobile device visitors to a mobile-optimized subdomain home page. Enter the Alias for redirect (a subdomain of the domain zone on which the pages of the website optimized for mobile devices are located) and enable the option Redirect to homepage.
Enable the option Developer mode to temporarily disable redirecting all requests to a website to the Cloudflare network. This allows you to check all changes on the site before caching them. Developer Mode is automatically disabled 3 hours after it is turned on.
Select the checkbox Email obfuscation to hide email addresses on your web page from bots. At the same time, no visible changes are made for users.
Select the checkbox Hotlink protection to prohibit the use of images from your site on other sites. This allows you to prevent bandwidth reduction due to links on sites such as Google Images, Pinterest, etc. Supported image formats: gif, ico, jpg, jpeg, png.
14. To use TLS protocol version 1.3 to access the site, enable the TLS 1.3 option. This is the most secure protocol, but it may not be supported by older versions of browsers. When enabled, the option will be used only if the client's browser supports it.
15. Enable the SSE option if you want to hide certain content on your website from suspicious visitors. You will need to wrap the content with the tags
16. If the domain uses an IPv6 address, enable the IPv6 Support option.
17. Click Ok to save the changes in Cloudflare.