There are many ways to protect and prepare your domain to handle spikes in traffic. We recommend the following strategies detailed below:
- use Cloudflare Page Rules to customize caching
- contact your hosting provider to understand the limits of your hosting plan
- use Cloudflare IP addresses to your advantage
- ensure Cloudflare IPs are whitelisted
Use Cloudflare Page Rules to customize caching
1. Log in to your Cloudflare account
2. Choose the Page Rules app.
3. Click Create Page Rule.
4. Enter either your entire website or a section of your site, then set the Cache Level to Cache Everything. Cloudflare will now fully cache HTML at our Edge network, instead of making roundtrips to your origin web server.
5. You can also change the Edge Cache Expire TTL, allowing you to determine how long Cloudflare caches resources at our edge. The TTL options range from two (2) hours to one month.
With the Cache Everything option enabled, Cloudflare will be serving your entire site, taking the load off of your server completely, making your site as fast as possible.
Cloudflare customers on the Business plan can use advanced caching techniques to cache static content on dynamic HTML sites to reduce load using the Bypass Cache on Cookie Page Rule option.
Cache anonymous page views
Before a visitor adds something to their shopping cart, logs-in or adds a comment - they are considered an anonymous page view. By caching these types of page visits, you dramatically remove vast amounts of load from your server, even if your site is dynamic. You can find out more information in the introductory blog post: Caching Anonymous Page Views.
There are multiple tutorials available on how you can do this:
- Caching Anonymous Page Views with WordPress or WooCommerce
- Caching Anonymous Page Views with Magento 1 and Magento 2
- Caching static HTML
Contact your hosting provider to understand the limits of your hosting plan
Cloudflare offsets most of the load to your website via caching and request filtering, but some traffic will still pass through to your host. Knowing the limits of your plan can help prevent a bottleneck from your host.
Once you are aware of your plan limits, you can use a feature like Rate Limiting to restrict how many times anyone user can make a request to your website.
Use Cloudflare IP addresses to your advantage
Take action to prevent attacks to your site during peak season by configuring your firewall to only accept traffic from Cloudflare IP addresses during the holidays. If you only accept Cloudflare IPs, you can prevent attackers from getting to your original IP address and knocking your site offline.
Another option would be to use the mod_Cloudflare Apache extension and add DenyAllButCloudFlare to your Apache configuration.
Ensure Cloudflare IPs are whitelisted
Cloudflare operates as a reverse proxy to your site so all connections come from Cloudflare IPs, so restricting our IPs can cause issues for visitors trying to access your site. The list of Cloudflare IPs can be found here: https://www.cloudflare.com/ips