Static site on Render & Cloudflare firewall rules

So as I am aware already, Render runs its own Cloudflare behind for the static sites so we get all the perks already.

But what if I want to add firewall rules to Cloudflare? I tried to add my own Cloudflare for my static site that is on Render and none of the firewall rules I defined are working. I assume this is happening because Render’s CF takes over.

Is there any way I can add the firewall rules?

Hey there,

It’s absolutely possible, we actually have CloudFlare in front of ALL services that are deployed to Render - I actually do this myself. You have to make sure you have your DNS in your own CloudFlare account pointing at the onrender.com address for your site and not the IP address and that you have it set to ‘Proxied’ and it all should just work.

As an example, I have a page rule setup on my own site https://johnb.dev/render which is a CloudFlare rule to redirect to Render.com

curl -I https://johnb.dev/render
HTTP/2 301
date: Fri, 27 May 2022 09:48:14 GMT
location: https://render.com
cache-control: max-age=3600
expires: Fri, 27 May 2022 10:48:14 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wKSlStccwNybgQWitdoUJYi9QgFQIP1OJYSQZhHMbcAGAd5GskrTHxdS%2F4L7nbFoDC6aiPiZ%2Blbv3MSrJrbYQu0yeF4lSFfpgM%2ByRFCAq8RqLUFB0BIoyo9glLQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 711dd56d5acf7768-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

John B

Hey @John_B ! Thanks for the answer. You are right - currently my A (@) points to the Render’s IP (proxied).

Just to clarify: That means I should point both A (@) & CNAME (www) to the *.onrender.com ?

UPDATE: It does not seem to be working. When I try to point A record to *.onrender.com, I am getting “Valid IPv4 address is required”.

That is correct, it will work, but specifically, if you’re using CloudFlare yourself then you have to use the CNAMEs for your account to work. If you enter a CNAME value on the root domain, CloudFlare will say it will use CNAME flattening for you which is what you want.

John B

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.