Implementing CloudFlare/Incapsula

Table of Contents

  1. Caveat emptor

CloudFlare and Incapsula are a popular utilities for providing website secrecy, content delivery and DOS (denial of service) mitigation. MageStack natively supports these services, no server-side configuration is required to facilitate correct pass through of IP addresses.

The server $_SERVER['REMOTE_ADDR'] is correctly maintained throughout all layers in MageStack (read more about server variables).

Cloudflare support is enabled by default.

If you are using Incapsula or a similar service, please contact a member of the support team so they can enable support on your stack.

Caveat emptor

Whilst an excellent service, third party proxies mimic functionality that MageStack already natively provides; such as performance optimisation, content delivery (via MageStack Edge), bot/scraping protection, WAF (web application firewall), L3/4 firewall and DOS filtering.

This means that the use of a third party proxy can actually lead to reduced performance and lowered security. The loss of visibility of source L3 address prohibits the L3/4 firewall from operating, which in turn prevents the DOS filter and WAF from being capable of issuing an extended temporary block. The additional hop (via the third party proxy) can also cause extended delays diagnosing faults due to the lack of visibility into the third party proxy's network health and condition.

Contact a member of the support team to discuss your needs so that we can explain how you can achieve them through MageStack alone without requiring a third party proxy service.