— Calotte

Cloudflare is one of the biggest networks operating on the Internet. People use their services for the purposes of increasing the security and performance of their web sites and services.

What is Cloudflare?

Cloudflare protect and accelerate websites. Once a website is added to the service, its web traffic is routed through its global network and cached at the edge. They automatically optimize the delivery of web pages so visitors get the fastest page load times and best performance. They also block threats and limit abusive bots from wasting bandwidth and server resources. They can do all that by sitting between your users and your origin server. When a user asks for one of your webpages, Cloudflare intercepts the request, gets the required assets from your server, and delivers it to the user while keeping a copy they can serve quickly when the next request arrives.

Adding your domain to Cloudflare

Adding your domain is pretty straightforward and you can find everything you need in the official documentation. We suggest you simply jump right in and follow the on-screen instructions. Note that for security reasons, everything we host goes through their services. So if you plan on coming with us, might as well create your account now. We also won't go into too many details here so we'll take for granted you have a basic understanding of how DNS works.

Page Rules

Page Rules let you control which Cloudflare settings trigger on a given URL. Only one Page Rule will trigger per URL, so it is helpful if you sort Page Rules in priority order, and make your URL patterns as specific as possible.

Here's what we usually suggest for a Grav site.

  • ** Forwarding URL (302) to
  • ** Disable security and Cache Level: Bypass.
  • ** Cache Level: Cache Everything.

The last one will most likely prevent you from seeing your changes when updating your content so it might be a good idea to leave it off when you know you need to move things around or for client work. We usually leave this one OFF more often than not and ask our customers to tell us when they require high availability so we can switch it ON.

The Grav team is treating Cloudflare as a first-class citizen and made available one of the best Cloudflare dashboard around as a premium plugin.

Cloudflare firewall rules

Nothing fancy here but we block the top sources of cyberwarfare. At the moment, that would be...

  • China
  • Russia
  • North Korea
  • Iran

While we aim at being accessible and honest, the number of attacks originating from those countries is just too much. Sorry about that. 🤷


SSL/TLS Full (strict) and Cloudflare's origin certificates

Now that you are using Cloudflare, cPanel's autoSSL might give you an error each month. In order to resolve the error, you usually have to pause Cloudflare's services, run autoSSL, and turn the services back on again.

You can prevent this by using a Cloudflare Origin Certificate. A free TLS certificate issued by Cloudflare (valid for 15 years), that can be installed on your origin server to facilitate end-to-end encryption for your visitors using HTTPS. If not already set, you can then optionally change the SSL setting about to use “Full (strict)” mode.

Cloudflare (and Calotte) recommends this guide if you need help installing the certificate on your cPanel account.

You will probably need Cloudflare's CA Bundle at one point and since it might be a bit hard to find, here it is...



Chances are, you are using emails. And chances are, you will eventually run in some kind of issues with email delivery when using Cloudflare. So here's a nice example of what kind of DNS records you'll want whenever you put a new website online.

A   mail XX.XX.XXX.XXX  DNS Only

Welcome back!

You've been logged out.