4

On Cloudflare, I have given the below details for example.com:

A record pointing to Azure IP
www CNAME record to example.azurewebsites.net

Cloudflare routing is working for example.com and www.example.com. However, any requests to example.azurewebsites.net are directly routed to the Azure network. How can I route requests to example.azurewebsites.net through Cloudflare?

Essentially, Cloudflare DDoS protection is nullified if an attacker hits the origin example.azurewebsites.net.

I am also aware Azure has a DDoS prevention capability.

2 Answers

7

The DNS settings for your website in Cloudflare allow you to proxy traffic so that requests to example.com and www.example.com will be protected.

You do not control azurewebsites.net though, so you cannot proxy traffic going directly to that address with Cloudflare, which means that someone can get around the Cloudflare protection by just going to example.azurewebsites.net.

What you can do to protect against this is use the IP and Domain Restrictions feature of Azure Websites to restrict traffic so your website will only respond to requests coming through Cloudflare.

Instructions for configuring your site are here: https://azure.microsoft.com/en-us/blog/ip-and-domain-restrictions-for-windows-azure-web-sites/

You can get the list of Cloudflare IPs here: https://www.cloudflare.com/ips/

Mani Gandham
    Why is this downvoted? This is the only real way to protect the original hostname on Azure websites... @faiz let me know if I understood your question wrong. – Mani Gandham Jul 28 '16 at 23:43
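One way to build the allow list that the answer above describes, as an added example that is not part of the original answer: it converts a one-CIDR-per-line IPv4 list into an IIS `<ipSecurity>` section with `allowUnlisted="false"`. The ranges below are constructed placeholders (RFC 5737 documentation networks), not Cloudflare's; the function names are hypothetical, and the current ranges should be taken from the Cloudflare URL given in the answer.

```python
import ipaddress

# Constructed sample input: RFC 5737 documentation ranges, NOT Cloudflare's.
# Replace with the current IPv4 list published at the URL in the answer.
SAMPLE_RANGES = """\
198.51.100.0/24
203.0.113.0/25

192.0.2.10   # single host becomes a /32
"""

def parse_ranges(text):
    """Parse one IPv4 CIDR per line; reject malformed or host-bit-set entries."""
    nets = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            # strict=True refuses e.g. 10.0.0.1/8, a typo that would widen the rule
            nets.append(ipaddress.IPv4Network(line, strict=True))
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {exc}") from None
    # Merge overlapping/adjacent ranges so the rule list stays short
    return list(ipaddress.collapse_addresses(nets))

def to_ip_security(nets):
    """Render the networks as an IIS <ipSecurity> section that denies by default."""
    out = ['<ipSecurity allowUnlisted="false">']
    for net in nets:
        out.append(
            f'  <add ipAddress="{net.network_address}" '
            f'subnetMask="{net.netmask}" allowed="true" />'
        )
    out.append("</ipSecurity>")
    return "\n".join(out)

def is_allowed(client_ip, nets):
    """Check offline whether a client address would match the allow list."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in nets)

if __name__ == "__main__":
    print(to_ip_security(parse_ranges(SAMPLE_RANGES)))
```

The generated section belongs under `system.webServer/security` in the site's web.config. The published ranges change over time, so regenerate the list when they do.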
0

CloudFlare will work with CNAME records; just add a CNAME to your DNS records and make sure they are orange clouded.

If you see an orange cloud icon next to the relevant DNS record, your traffic will pass through CloudFlare.


mjsa