Cloudflare WAF not working with proxy mode disabled

Hi folks,

In the Render setup guide for using domains with Cloudflare, it states that the Cloudflare proxying must be turned off. If it’s “orange” and proxied, we encounter errors.

According to this page: in order for most functionality of Cloudflare to work, traffic must be proxied through them.

WAF rules are very important to one of my projects, is it possible to configure Render with Cloudflare in proxy mode?



@rikki. Everything I have read in the forums and the help indicates that proxying through Cloudflare with your own custom DNS is not possible. (orange icon)

On the upside, Render does provide DDoS protection via Cloudflare. Unfortunately this functionality is entirely hidden from the user, with no ability to turn on ‘under attack mode’ or to see if you are having issues.

Thanks, @Rob_Witman. That is what I’ve been fearing reading through these forums…

I’d really like to be able to use some of the finer access controls I’m used to utilising from Cloudflare. I.e. WAF rules etc to block certain access behaviour.

Double stacking Cloudflare seems to be the problem here…

Apparently, this is know as the orange to orange problem. Hopefully Render themselves can assist.

Hey folks,
Orange to Orange works absolutely fine. There is definitely some mis-information out there in regards to this as it sounds like maybe it didn’t use to work and now that it does forums weren’t updated to reflect that.

You do have to use DNS only when you add the custom domain and the certificate gets issued but once that’s done you can enable Orange to Orange/Proxied, I use this configuration myself in my own projects so I know it works :slight_smile:


John B

Thanks for clarifying, John! I’ll take a look at the Render docs for this and see if I can submit a PR to update them for you!


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.