Make sure your site can handle traffic spikes by doing the following:
Go beyond default caching for the fastest site possible
Under the Page Rules section of your account, you can set a pattern (either your entire website, or a section of your site) then turn on the “Cache Everything” option. Creating a page rule and setting the Cache Everything option will mean that Cloudflare will fully cache HTML at our Edge network, instead of needing to make roundtrips to your origin web server.
Setting up a custom Page Rule like this is ideal if you have a campaign going on over the holiday season. With the Cache Everything option enabled, Cloudflare will be serving your entire site, taking the load off of your server completely, making you site as fast as possible.
Business plan users can use advanced caching techniques to cache static content on dynamic HTML sites to reduce load using the "Bypass Cache on Cookie" Page Rule option.
Before a visitor adds something to their shopping cart, logs-in or adds a comment - they are considered an anonymous page view. By caching these types of page visits, you dramatically remove vast amounts of load from your server, even if your site is dynamic. You can find out more information in the introductory blog post: Caching Anonymous Page Views.
There are multiple tutorials available on how you can do this:
- Caching Anonymous Page Views with WordPress or WooCommerce
- Caching Anonymous Page Views with Magento 1 and Magento 2
- How do I cache static HTML?
In Page Rules you can also change the Edge Cache Expire TTL, allowing you to determine how long we cache resources at our edge.
Contact your hosting provider to understand the limits of your hosting plan
Even though Cloudflare offsets most of the load to your website via caching and request filtering, a certain amount of traffic will still pass through to your host. Knowing the limits of your plan can help prevent a bottleneck from your hosting plan.
Once you are aware of the limits of your plan, you can utilise a feature like Rate Limiting to restrict how many times any one user can make a request to your website.
Use Cloudflare IP addresses to your advantage
Take action to prevent attacks to your site during peak season by configuring your firewall to only accept traffic from Cloudflare IP addresses during the holidays. If you only accept Cloudflare IPs, you can prevent attackers from getting to your original IP address and knocking your site offline.
Users of the Mod_Cloudflare Apache extension can achieve this by simply adding DenyAllButCloudFlare to their Apache configuration.
Ensure Cloudflare IPs are whitelisted
Cloudflare operates as a reverse proxy to your site so all connections come from Cloudflare IPs, so restricting our IPs can cause issues for visitors trying to access your site. The list of our IP can be found here: https://www.cloudflare.com/ips