Cloudflare is a DNS provider, content delivery network, and also provides protection again DDoS and other types of malicious activity.
We recommend that customers secure their platform against malicious activity using a variety of safeguards, including: using a strong and unique password for your ControlShift user account, securing your user account with two-factor authentication, enabling Google's reCAPTCHA to secure forms on your site, and enabling Cloudflare's proxy service.
Cloudflare Proxy Service
Cloudflare's proxying service protects your domain from malicious activity by sitting between your site and the internet and using sophisticated machine learning to block traffic from malicious sources, while also accelerating the delivery of pages to browsers. We strongly recommend setting up Cloudflare for your platform using their free Project Galileo offer, which grants organizations in the social sector free access to their professional tier of service. The free tier that Cloudflare provides to all customers can also be a good place to start while awaiting Project Galileo approval.
To get started using Cloudflare to secure your site, you'll need to start by migrating your nameservers to Cloudflare. Once you've migrated your DNS records, it's important to click the orange cloud icon () to enable proxying where appropriate. More information about enabling proxying is available in Cloudflare's help center.
Please note: Cloudflare's proxying service should NOT be enabled for email authentication (SPF/DKIM) records. Please ensure that all SPF/DKIM records have gray, not orange, clouds.
Other Cloudflare Settings
When enabling Cloudflare for your ControlShift site, other settings will also become available. Please note that some of these settings may prevent the normal operation of the platform. In particular, please ensure that Cloudflare's Rocket Loader is disabled for ControlShift. Please ensure that Cloudflare's Mirage is also disabled on admin pages (any pages that have
/org in their URL). If these settings are needed for other domains managed in Cloudflare, you should be able to limit their usage on ControlShift via page rules.