These basic steps will help reduce common areas of confusion for Joomla users who are new to Cloudflare services. They are quick and generally take only a few minutes, enhancing your experience with Cloudflare.
1. Restore Visitor IP
To restore visitor IP addresses, follow the directions in the relevant Cloudflare article. Since Cloudflare acts as a proxy, its IPs will show in your logs, including comments, unless you implement a solution to restore the original visitor IP.
Why should you restore the visitor IP?
- If you receive a lot of comments or spam, you may mistakenly believe that Cloudflare is spamming you.
- Some Joomla plugins or extensions may rely on the original visitor IP to function properly and reduce false alerts.
If you activated your site through Cloudflare, you don't need to worry, as visitor IP addresses are restored on their servers by default.
2. Create a Page Rule to Exclude Joomla
Create a Page Rule to exclude the Joomla admin or login sections from Cloudflare's caching and performance features. You can access Page Rules in your Cloudflare settings.
Why do this?
Optional performance features like Rocket Loader may inadvertently break certain functions in your Joomla back end, such as editors and forms.
3. Allow IP Addresses via Cloudflare Threat Control Panel
Log in to your Cloudflare Threat Control panel and allow IP addresses you expect traffic from, such as:
- APIs you're pulling from
- Monitoring services for uptime
- Security services
- Frequent login IP addresses
Why do this?
If Cloudflare detects an IP with a high threat score, you may face challenges accessing your back end, and services may be blocked. Allowing necessary IPs from the start helps prevent future surprises.
Note: Cloudflare allows all known search engines and social media crawlers by default. Be cautious when blocking countries, as it may inadvertently block their crawlers.
4. Review Your Basic Security Settings
If your site frequently faces spam attacks or botnet attacks, consider increasing your security level. The default setting for new users is medium.
Why do this?
A higher security setting will reduce spam but may lead to more false positives, with visitors encountering challenge pages.
5. Ensure Requests from Cloudflare's IP Ranges Aren't Blocked or Limited
If you're using (dot)htaccess, firewalls, or server mods to manage access, ensure that requests from Cloudflare's IP ranges are not blocked or limited. This is a common cause of site offline issues reported in support.
Why do this?
Prevent false offline messages from appearing for you or your visitors by ensuring all of Cloudflare's IPs are allowed on your server.
By following these recommended steps, you can optimize your Joomla site's performance and security when using Cloudflare, ensuring a smoother experience for both you and your visitors.
