Cloudflare Docs
Fundamentals
Cloudflare Fundamentals
Visit Cloudflare Fundamentals on GitHub
Set theme to dark (⇧+D)

Protect your origin server — Free

Your origin server is a physical or virtual machine that is not owned by Cloudflare and hosts your application content (data, webpages, etc.).

Receiving too many requests can be bad for your origin. These requests might increase latency for visitors, incur higher costs — particularly for cloud-based machines — and could knock your application offline.

Select a plan to see how Cloudflare can help you protect your origin:

Free Pro Business Enterprise

​​ Secure origin connections

When you secure origin connections, it prevents attackers from discovering and overloading your origin server with requests.

  • DNS:

    1. Proxy records (when possible): Set up proxied (orange-clouded) DNS records to hide your origin IP addresses and provide DDoS protection. As part of this, you should allow Cloudflare IP addresses at your origin to prevent requests from being blocked.
    2. Review DNS-only records: Audit existing DNS-only records (SPF, TXT, and more) to make sure they do not contain origin IP information.
    3. Evaluate mail infrastructure: If possible, do not host a mail service on the same server as the web resource you want to protect, since emails sent to non-existent addresses get bounced back to the attacker and reveal the mail server IP.
    4. Rotate origin IPs: Once onboarded, rotate your origin IPs, as DNS records are in the public domain. Historical records are kept and would contain IP addresses prior to joining Cloudflare.

​​ Monitor origin health

To receive an email when Cloudflare is unable to reach your origin, create a notification for Passive Origin Monitoring.

​​ Reduce origin traffic

​​ Block traffic

For more details, refer to Secure your website.

​​ Increase caching

The cache stores data from your application (webpages, etc.) at Cloudflare data centers around the world, which reduces the number of requests sent to your origin server.

​​ Distribute traffic

To randomly distribute traffic across multiple servers, set up multiple DNS records.

For more fine-grained control over traffic distribution — including automatic failover, intelligent routing, and more — set up our add-on load balancing service.