Skip to content
Cloudflare Docs

Cloudflare and Joomla Recommended First Steps

Overview

These basic steps will help reduce common areas of confusion for Joomla users that are new to the Cloudflare services. In addition, these steps are very quick and will generally take you only a few minutes of your time to help you make your experience using Cloudflare better.


Restore visitor IP

Restore visitor IP by following the directions in this article. Since Cloudflare acts as a proxy for sites using our network, Cloudflare's IPs are going to show in your logs, including comments, unless you install something to restore the original visitor IP.

Why should you restore visitor IP?

If you receive a lot of comments or spam on your blog, you may mistakenly believe that Cloudflare is spamming you. Some other Joomla plugins or extensions may also rely on the original visitor IP for the services to work properly and reduce false alerts.


Create a Page Rule to exclude Joomla

Create a Page Rule to exclude the Joomla admin or Joomla login sections from Cloudflare's caching and performance features.

Why do this?

While there is not always an issue, we have seen instances where optional performance features like Rocket Loader may inadvertently break certain functions (editors, etc.) in your Joomla back end.


Skip security features for specific IP addresses

You can use WAF custom rules to skip certain security features for IP addresses you want traffic from or expect traffic from. Some common services you probably want to allow include:

  • APIs you are getting data from
  • Monitoring services you use to monitor your site's uptime
  • Security services
  • IP addresses you frequently log in from

Why do this?

If you have enabled and configured Cloudflare's Web Application Firewall, legitimate services and/or you may get challenged while accessing your backend. To prevent issues on your site, consider skipping certain security features for requests coming from known IP addresses.


Ensure requests from Cloudflare's IP ranges aren't blocked or limited

If you are using services like .htaccess, firewalls or server mods to manage access to your site from visitors, you must ensure that requests from Cloudflare's IP ranges are not being blocked or limited in any way. The number one cause of "site offline" issues in Cloudflare's support channel is something blocking or restricting requests from Cloudflare IPs. To prevent this, ensure that all of Cloudflare's IPs are allowed on your server.

Why do this?

Prevent false offline messages from appearing on your site to you or visitors.