diff --git a/umbraco-cloud/explore-umbraco-cloud/what-is-umbraco-cloud/frequently-asked-questions.md b/umbraco-cloud/explore-umbraco-cloud/what-is-umbraco-cloud/frequently-asked-questions.md index b61bb68f4ac..2dccca56c18 100644 --- a/umbraco-cloud/explore-umbraco-cloud/what-is-umbraco-cloud/frequently-asked-questions.md +++ b/umbraco-cloud/explore-umbraco-cloud/what-is-umbraco-cloud/frequently-asked-questions.md @@ -954,9 +954,12 @@ For questions about resource usage, contact the support team. ### Can Cloudflare be used with Umbraco Cloud? -Yes. Since Umbraco Cloud already uses Cloudflare for DNS, hostnames must be enrolled as **DNS Only** with a CNAME pointing to `dns.umbraco.io`. Once the hostname appears as **Protected** in the **Project** > **Hostname** section, **Proxying** can be enabled in Cloudflare if specific features like Page Rules are required. +Yes. Hostnames managed in a customer's Cloudflare (CF) zone can be enrolled as **DNS Only** or via [the hostname pre-validation flow](https://docs.umbraco.com/umbraco-cloud/go-live/manage-hostnames/hostname-pre-validation) in the [orange-to-orange configuration](https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/saas-customers/how-it-works/). -For optimal performance, keeping the DNS entry set to **DNS Only** in Cloudflare is recommended. This allows Umbraco Cloud to manage automatic Transport Layer Security (TLS)/HTTPS certificates for hostnames. Before implementing a custom Cloudflare setup, consult the support team via chat or [email](mailto:support@umbraco.com). +- [Orange-to-orange configuration](https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/saas-customers/how-it-works/) is the recommended approach for maximum control, as you get to keep full control of your Edge configuration. In an orange-to-orange configuration, any Umbraco Cloud Cloudflare provided features, such as Managed Challenge, Web Application Firewall (WAF), can be stacked or disabled and managed manually in the customer zone. +- The **DNS Only** configuration is the recommended approach for minimum custom Cloudflare maintenance. In the **DNS Only** configuration, the customers' Cloudflare zone won't apply DDoS protection or Web Application Firewall, and the Umbraco Cloud Cloudflare features will continue working. + +It is worth mentioning that Umbraco Cloud websites already provide many baseline Cloudflare features such as DDoS or Web Application Firewall by default. ### Does Cloudflare add additional HTTP request headers?