SlideShare a Scribd company logo

How to test if Cloudflare is running live for your website

Download as PPTX, PDF
Vu Long Tran
Vu Long Tran

This is a guide on how to test if Cloudflare is running live for your website, including creating a har file and finding the ray ID to help with troubleshooting issues with Cloudflare Support

Internet
1 of 41
How to test if Cloudflare is running live What you and your team should know Vu Long Tran, Customer Success
What we’ll cover: How-To Better Integrate with Cloudflare Step 1 - Local Testing Step 2 - Subdomain Testing - Internet Wide How do I know Cloudflare is active on my site? Troubleshooting/ Validating Cloudflare Common Troubleshooting Commands
How do I know Cloudflare is active on my site?
How do I know Cloudflare is active on my site? Response: An easy way to confirm Cloudflare is active and resolving your site is to run a DNS lookup with a command like dig or nslookup. Here is an example command you can run: dig vulongtran.com +trace You can also use a third party site to check the site’s DNS like https://www.whatsmydns.net/ If Cloudflare is active, the site should resolve from Cloudflare IPs as a result of activation and using its services. <Provide output of dig command here to show the customer if the site is resolving from CF IPs>
Cloudflare Trace Verify a site is running through Cloudflare. You can choose to run Cloudflare trace in your web browser: eg. vulongtran.com (replace this with your domain name) www.vulongtran.com/cdn-cgi/trace Response example you should see (if it is running on Cloudflare): fl=35f98 h=www.vulongtran.com ip=2406:3000:11:1022:292e:8f4c:eabe:8684 ts=1490256258.534 visit_scheme=http uag=Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 colo=SIN spdy=off http=http/1.1 loc=SG support@cloudflare.com
Claire - Cloudflare Plugin for Chrome You can also use a Chrome extension called Claire that can be used to quickly verify sites using Cloudflare Grey cloud sites are not utilizing our services and orange clouds are utilizing Cloudflare
Check CF-Ray Response Header with Claire support@cloudflare.com
Check CF-Ray Response Header using Developer Tools https://developer.chrome.com/devtools support@cloudflare.com
Check CF-Cache-Status Response Header support@cloudflare.com - For cached objects you will also see CF-Cache-Status response Header
HTTP Headers - Chrome Browser plugin support@cloudflare.com
STEP 2 - Subdomain Testing - Internet Wide How to test if it is working locally STEP 1 - Local Testing
Overview - Routing through Cloudflare requires a DNS settings change support@cloudflare.com Full Cloudflare’s robust, global and fast DNS becomes your authoritative DNS provider. Pros: ● Cloudflare accelerates & protects your apex (root) domain along with subdomains ● Leverages Cloudflare’s network for DNS which is very fast, highly available, and resilient to DNS based attacks. Cons: ● Changing the authoritative provider is not always possible for organizations. CNAME You keep your primary DNS provider and link individual subdomains to Cloudflare. Pros: ● Involves small change and allows only subdomains to be sent through Cloudflare Cons: ● We cannot protect your apex (root) domain ● An attacker may overwhelm your authoritative DNS provider which will cause all DNS functions to fail including the CNAME to Cloudflare There are two ways to connect to Cloudflare:
STEP 1 - Local Testing How to test if it is working locally
## # Host Database ## 127.0.0.1 localhost ... 198.41.209.86 example.com 198.41.209.86 www.example.com 198.41.209.86 secure.example.com Cloudflare IP addresses: The Cloudflare IP address must be valid for the domain/zone being tested. They can be found by testing the DNS resolution for any orange-clouded DNS record in the domain, or by a Cloudflare employee. 1. Open your Host File a. Windows 8 (As Admin): C:WindowsSystem32Driversetchosts b. OSX: /private/etc/hosts 1. Put in a Valid Cloudflare IP Address assigned for your domain/subdomain 1. You may need to flush the OS DNS Cache a. Windows: ipconfig /flushdns b. OSX: How to Flush OSX DNS 1. You may need to flush the browser DNS Cache: a. Chrome: In Chrome URL bar type: chrome://net-internals/#dns b. Safari: From Safari Menu Select: Safari > Empty Cache. 1. Check CF-RAY response header as described on slides above How-To test locally using your Hosts file support@cloudflare.com
1. Find Cloudflare IPs assigned to your domain Requires to do DNS lookup on orange clouded subdomain *(If you don’t have an orange clouded subdomain you can create a test subdomain, eg. test.vulongtran.com which can be orange clouded) Run the following command: for Mac: dig www.vulongtran.com.cdn.cloudflare.net for Windows: nslookup www.vulongtran.com.cdn.cloudflare.net example of response: ;; ANSWER SECTION: www.vulongtran.com.cdn.cloudflare.net. 300 IN A 104.28.18.100 www.vulongtran.com.cdn.cloudflare.net. 300 IN A 104.28.19.100 1. Put one of Cloudflare IPs from response above for your domain/subdomain into Hosts file and save it 1. Flush the OS DNS Cache and Flush the browser DNS Cache 1. Check the CF-RAY response header as described in slides above support@cloudflare.com How-To test locally using your Hosts file
STEP 2 - Subdomain Testing - Internet Wide How to test if it is working locally
Adding Subdomain - Internet Wide support@cloudflare.com 1. Enable Cloudflare (orange clouded) for one of the testing subdomains in order to perform internet wide testing, eg. test.vulongtran.com 1. Route Public DNS queries for the subdomain to Cloudflare performing in one the two ways below: a. If using a 3rd party as Authoritative DNS, then create a CNAME record which points to Cloudflare: eg. test.vulongtran.com CNAME to test.vulongtran.com.cdn.cloudflare.net b. If using Cloudflare as Authoritative DNS, then orange cloud subdomain record, eg. test.example.com 3. Check the CF-RAY response header as described in slides above Make sure for performing this test any Local testing configuration should be cleared out
Adding Subdomain under Cloudflare UI support@cloudflare.com
How-To Better Integrate with Cloudflare Whitelist Cloudflare IPs to ensure your firewalls are not blocking our services
Preparing your network ● Configure firewalls to prevent access to your servers, load balancers, and other infrastructure from non- Cloudflare IP addresses This means whitelisting Cloudflare IPs in your Access Control List to prevent rate-limiting or false positives from any intrusion detection systems. ● Prevents attackers from recording/recognizing the “fingerprints” of your hardware when probing your IPs Restoring original user IP addresses ● HTTP requests will be coming from Cloudflare, instead of the actual users. Cloudflare adds “CF- Connecting-IP” and standard “X-Forwarded-For” headers to all request ● Nginx, Apache, and IIS configs to switch the logged IP are available. ● You can find out how to easily restore the originating IP address here! How-To Better Integrate with Cloudflare
Troubleshooting/Validating
Cloudflare Custom Headers Cloudflare provides custom headers and cookies for debugging, visitor information and improved security. Header How we use it Example value CF-Ray This Cloudflare specific header is a unique identifier for every request passing through Cloudflare and is used primarily for debugging. 13b9eb04dff503dc-DFW CF-IPCountry The standard identifying header for the originating protocol of an HTTP request. Cloudflare may communicate with a web server using HTTP even if the request to the reverse proxy is HTTPS. US Cookie How we use it Example value cfduid This cookie is used by Cloudflare to apply security decisions to users that may share the same IP address (such as in a coffee shop). It does not correspond to any user id, nor does the cookie store any personally identifiable information. d88dfb702206c2326978 0….115252
Cloudflare Custom Headers Cloudflare adds host headers to supplement the redirect standards. You may also need to restore the originating IPs. (Here’s How) Header How we use it Example value X-Forwarded-For The standard identifying header for the originating IP address of a client connecting through an HTTP proxy. 173.245.57.22 X-Forwarded-Proto The standard identifying header for the originating protocol of an HTTP request. Cloudflare may communicate with a web server using HTTP even if the request to the reverse proxy is HTTPS. https CF-Connecting-IP This Cloudflare specific header is also used for identifying the originating IP address of a client connecting to your web server through Cloudflare. 173.245.57.22 CF-Visitor This Cloudflare specific header is also used for identifying the originating protocol of an HTTP Request. {"scheme":"https"}
## # Host Database ## 127.0.0.1 localhost ... 198.41.209.86 example.com 198.41.209.86 www.example.com 198.41.209.86 Cloudflare IP addresses: The Cloudflare IP address must be valid for the domain/zone being tested. They can be found by testing the DNS resolution for any orange-clouded DNS record in the domain, or by a Cloudflare employee. 1. Open your Host File a. Windows 8 (As Admin): C:WindowsSystem32Driversetchosts b. OSX: /private/etc/hosts 1. Put in a Valid Cloudflare IP Address for your domain or subdomain 1. You may need to flush the OS DNS Cache a. Windows: ipconfig /flushdns b. OSX: How to Flush OSX DNS 2. You may need to flush the browser DNS Cache: a. Chrome: In Chrome URL bar type: chrome://net-internals/#dns a. Safari: From Safari Menu Select: Safari > Empty Cache. 1. Use curl to confirm Cloudflare headers and traversal a. curl -s -D - www.example.com -o /dev/null 1. Visit your website to confirm using your browser. How to test locally with a Hosts file
How to test with basic commands Unix command line tools curl for HTTP: $ curl -vso /dev/null https://www.vulongtran.com dig for DNS: $ dig www.vulongtran.com traceroute for network: $ traceroute cloudflare.com Cloudflare CDN-CGI Trace: Provides additional request information. http://www.vulongtran.com/cdn-cgi/trace Chrome Developer Tools: https://developer.chrome.com/devtools Chrome extension HTTP Headers: https://chrome.google.com/webstore/search-extensions/http%20headers fl=4f50 h=vulongtran.com ip=2400:cb00:f00d:5ca1:5de6:39e9:e420:57e3 ts=1418940964.884 visit_scheme=http uag=Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 colo=SJC spdy=off 0 $ dig +short TXT vulongtran.com "123456789-1234567"
Troubleshooting tips
No traffic is on Cloudflare What happened: CNAME: Traffic may be routing to a root domain or other A record Full Domain: Customer has not turned Cloudflare on for the subdomain What can you do: CNAME: For root domains add a redirect to www on your origin server; for all other A records – change to a CNAME Full Domain: Make sure the cloud is toggled to orange (not grey) Test the subdomain by running a ‘nslookup’ in Windows or ‘dig’ in Linux/Mac
Not seeing traffic through Cloudflare What happened: Full Domain: Name servers have not been propagated yet to Cloudflare name servers What can you do: Full Domain: Wait until Name Servers are propagated. A standard DNS propagation takes 24 - 48 hrs Use www.whatsmydns.net in order to check propagation around the world Contact Cloudflare Support at support.cloudflare.com
Common Cloudflare error messages Cloudflare Support > Knowledge Base > Cloudflare Error Messages Error Code Reason 1001 DNS Resolution Error: Either the customer recently signed up and DNS has not yet propagated, or whomever is managing the DNS has a failure 521 Origin web server refused connection from Cloudflare. Either origin web server is not running, or something is blocking Cloudflare IP addresses 522 Connection timeout to the origin server (30 second default). Cloudflare IPs may be rate limited, web server may be consuming all resources (shared server), or there may be network connectivity issues between web server and Cloudflare 523 Origin server is unreachable. Make certain that the origin IP address for the A record is the same as in the Cloudflare DNS Settings page 524 Cloudflare could make TCP connection but did not receive response from the web server. Long running application or database query is interfering
Information Gathering and Escalation When reporting any errors or questions that require escalation to support@cloudflare.com, the most helpful pieces of information to provide to Cloudflare are: • RayID [All 52x Errors] • URI requested [All 52x Errors and Performance] • Traceroute/MTR from impacted location/machine [Network/Performance, 521, 522, and 523 errors] • HAR File (HTTP Archive File) [520 and 524 errors] • Test Links from http://webpagetest.org/ [Performance] Please be sure to include the above information to avoid repeated communication and secure the quickest resolution time possible.
Common Troubleshooting Commands
Common Troubleshooting Commands • Command Line Interface (CLI) commands to use: • dig (DNS Tool) • cURL (HTTP Tool) • MTR/Traceroute (Network Tool) • HTTP Archive Files (HAR) • Web Page Performance Test Sites: • Web Page Test
Using DIG (Domain Information Groper) dig is a command line tool similar to nslookup that is used to run DNS queries and check DNS records for a given domain/website. The schema of this command is: dig <recordtype> <domainname> <options> Here are example commands that can be used to lookup the DNS information of a given website: dig example.com dig example.com +trace dig NS example.com
Example DIG Outputs
Using cURL cURL is a command line tool use to transmit data using URL syntax. Specifically with Cloudflare Support, this command is used to make HTTP requests and compare server responses. The schema for this command is: curl –option1 –option2 http://www.vulongtran.com/url Here are some example cURL commands used to check server responses: curl –svo /dev/null http://www.vulongtran.com/ curl –svo /dev/null --user-agent “USERAGENTSTRING” http://www.vulongtran.com/ curl –svo /dev/null --header “Host: www.vulongtran.com” http://ORIGINIP/ curl –svo /dev/null --header http://www.vulongtran.com --resolve www.vulongtran.com:80:ORIGINIP More detailed instructions here Using cURL with Cloudflare
Example cURL Output
Using MTR/Traceroute MTR/Traceroutes are network based command line tools used to measure performance/latency on a particular path to a given host/destination. Here are examples of both commands: mtr -rwc 30 IPADDRESS/HOSTNAME traceroute IPADDRESS/HOSTNAME
Example MTR Output
Generating a HAR File A HAR file is a recording of HTTP requests ran from a web browser. Here is an example of a recording being done from within Chrome’s dev tools: Instructions can be found on Cloudflare’s KB: How do I generate a HAR File?
Getting more involved with Cloudflare • Blog: Continual updates on the Company, product features, and service/industry news. • Knowledge Base: Collection of Support, technical, and reference articles on Cloudflare’s service suite. • Status Page: Live feed of any ongoing events on Cloudflare’s network/services. • Community: A place for Cloudflare users to engage with each other and with Cloudflare staff.
Thank you!

Recommended

Fast parallel data loading with the bulk API
Fast parallel data loading with the bulk APIFast parallel data loading with the bulk API
Fast parallel data loading with the bulk APISalesforce Developers
 
CloudHub Load Balancers (SLB & DLB) | MuleSoft Mysore Meetup #21
CloudHub Load Balancers (SLB & DLB) | MuleSoft Mysore Meetup #21CloudHub Load Balancers (SLB & DLB) | MuleSoft Mysore Meetup #21
CloudHub Load Balancers (SLB & DLB) | MuleSoft Mysore Meetup #21MysoreMuleSoftMeetup
 
SAP Solution Manager - Netweaver on HANA Monitoring Setup Part 1 of 3 (Prepar...
SAP Solution Manager - Netweaver on HANA Monitoring Setup Part 1 of 3 (Prepar...SAP Solution Manager - Netweaver on HANA Monitoring Setup Part 1 of 3 (Prepar...
SAP Solution Manager - Netweaver on HANA Monitoring Setup Part 1 of 3 (Prepar...Linh Nguyen
 
Laravel
LaravelLaravel
Laraveltanveerkhan62
 
Laravel ppt
Laravel pptLaravel ppt
Laravel pptMayank Panchal
 
Kong API
Kong APIKong API
Kong APIPatrick Pierson
 
Guía de instalación del servicio ftp en windows server 2008
Guía de instalación del servicio ftp en windows server 2008Guía de instalación del servicio ftp en windows server 2008
Guía de instalación del servicio ftp en windows server 2008Michelle Gutierrez
 
Solution Manager 7.2 SAP Monitoring - Part 3 - Managed System Configuration
Solution Manager 7.2 SAP Monitoring - Part 3 - Managed System ConfigurationSolution Manager 7.2 SAP Monitoring - Part 3 - Managed System Configuration
Solution Manager 7.2 SAP Monitoring - Part 3 - Managed System ConfigurationLinh Nguyen
 

Recommended

Fast parallel data loading with the bulk API
Fast parallel data loading with the bulk APIFast parallel data loading with the bulk API
Fast parallel data loading with the bulk APISalesforce Developers
 
CloudHub Load Balancers (SLB & DLB) | MuleSoft Mysore Meetup #21
CloudHub Load Balancers (SLB & DLB) | MuleSoft Mysore Meetup #21CloudHub Load Balancers (SLB & DLB) | MuleSoft Mysore Meetup #21
CloudHub Load Balancers (SLB & DLB) | MuleSoft Mysore Meetup #21MysoreMuleSoftMeetup
 
SAP Solution Manager - Netweaver on HANA Monitoring Setup Part 1 of 3 (Prepar...
SAP Solution Manager - Netweaver on HANA Monitoring Setup Part 1 of 3 (Prepar...SAP Solution Manager - Netweaver on HANA Monitoring Setup Part 1 of 3 (Prepar...
SAP Solution Manager - Netweaver on HANA Monitoring Setup Part 1 of 3 (Prepar...Linh Nguyen
 
Laravel
LaravelLaravel
Laraveltanveerkhan62
 
Laravel ppt
Laravel pptLaravel ppt
Laravel pptMayank Panchal
 
Kong API
Kong APIKong API
Kong APIPatrick Pierson
 
Guía de instalación del servicio ftp en windows server 2008
Guía de instalación del servicio ftp en windows server 2008Guía de instalación del servicio ftp en windows server 2008
Guía de instalación del servicio ftp en windows server 2008Michelle Gutierrez
 
Solution Manager 7.2 SAP Monitoring - Part 3 - Managed System Configuration
Solution Manager 7.2 SAP Monitoring - Part 3 - Managed System ConfigurationSolution Manager 7.2 SAP Monitoring - Part 3 - Managed System Configuration
Solution Manager 7.2 SAP Monitoring - Part 3 - Managed System ConfigurationLinh Nguyen
 
Web server architecture
Web server architectureWeb server architecture
Web server architectureTewodros K
 
Laravel Tutorial PPT
Laravel Tutorial PPTLaravel Tutorial PPT
Laravel Tutorial PPTPiyush Aggarwal
 
Microsoft Azure Odoo SSO Integration
Microsoft Azure Odoo SSO IntegrationMicrosoft Azure Odoo SSO Integration
Microsoft Azure Odoo SSO IntegrationSerpent Consulting Services Pvt. Ltd
 
Web Application Deployment
Web Application DeploymentWeb Application Deployment
Web Application Deploymentelliando dias
 
How to hana_sso_kerberos
How to hana_sso_kerberosHow to hana_sso_kerberos
How to hana_sso_kerberosraghavendrarao gaddipati
 
Microsoft Web Technology Stack
Microsoft Web Technology StackMicrosoft Web Technology Stack
Microsoft Web Technology StackLushanthan Sivaneasharajah
 
SAP ABAP web services creation.
SAP ABAP web services creation. SAP ABAP web services creation.
SAP ABAP web services creation. Anjali Rao
 
Instalación del servidor web en windows server 2008
Instalación del servidor web en windows server 2008Instalación del servidor web en windows server 2008
Instalación del servidor web en windows server 2008Michelle Gutierrez
 
Toronto Virtual Meetup #7 - Anypoint VPC, VPN and DLB Architecture
Toronto Virtual Meetup #7 - Anypoint VPC, VPN and DLB ArchitectureToronto Virtual Meetup #7 - Anypoint VPC, VPN and DLB Architecture
Toronto Virtual Meetup #7 - Anypoint VPC, VPN and DLB ArchitectureAlexandra N. Martinez
 
SAP Integration: Best Practices | MuleSoft
SAP Integration: Best Practices | MuleSoftSAP Integration: Best Practices | MuleSoft
SAP Integration: Best Practices | MuleSoftMuleSoft
 
OAuth2 Protocol with Grails Spring Security
OAuth2 Protocol with Grails Spring SecurityOAuth2 Protocol with Grails Spring Security
OAuth2 Protocol with Grails Spring SecurityNexThoughts Technologies
 
IBM APIc API security protection mechanism
IBM APIc API security protection mechanismIBM APIc API security protection mechanism
IBM APIc API security protection mechanismShiu-Fun Poon
 
Laravel Lab
Laravel LabLaravel Lab
Laravel LabLeo Nguyen
 
Restful api design
Restful api designRestful api design
Restful api designMizan Riqzia
 
Service everywhere using oracle integration repository
Service everywhere using oracle integration repositoryService everywhere using oracle integration repository
Service everywhere using oracle integration repositoryPavan B
 
Introduction To Docker
Introduction To DockerIntroduction To Docker
Introduction To DockerDr. Syed Hassan Amin
 
Asp.net
Asp.net Asp.net
Asp.netDinesh kumar
 
#APIOps- Agile API Development powered by API Connect
#APIOps- Agile API Development powered by API Connect#APIOps- Agile API Development powered by API Connect
#APIOps- Agile API Development powered by API Connectpramodvallanur
 
Flow builder pros and cons
Flow builder pros and consFlow builder pros and cons
Flow builder pros and consMelissa Shook
 
Webhook
WebhookWebhook
WebhookMohit Bishnoi
 
What’s New at Cloudflare: New Product Launches
What’s New at Cloudflare: New Product LaunchesWhat’s New at Cloudflare: New Product Launches
What’s New at Cloudflare: New Product LaunchesCloudflare
 
Locking Down CF Servers
Locking Down CF ServersLocking Down CF Servers
Locking Down CF ServersColdFusionConference
 

More Related Content

What's hot

Web server architecture
Web server architectureWeb server architecture
Web server architectureTewodros K
 
Web Application Deployment
Web Application DeploymentWeb Application Deployment
Web Application Deploymentelliando dias
 
SAP ABAP web services creation.
SAP ABAP web services creation. SAP ABAP web services creation.
SAP ABAP web services creation. Anjali Rao
 
Instalación del servidor web en windows server 2008
Instalación del servidor web en windows server 2008Instalación del servidor web en windows server 2008
Instalación del servidor web en windows server 2008Michelle Gutierrez
 
Toronto Virtual Meetup #7 - Anypoint VPC, VPN and DLB Architecture
Toronto Virtual Meetup #7 - Anypoint VPC, VPN and DLB ArchitectureToronto Virtual Meetup #7 - Anypoint VPC, VPN and DLB Architecture
Toronto Virtual Meetup #7 - Anypoint VPC, VPN and DLB ArchitectureAlexandra N. Martinez
 
SAP Integration: Best Practices | MuleSoft
SAP Integration: Best Practices | MuleSoftSAP Integration: Best Practices | MuleSoft
SAP Integration: Best Practices | MuleSoftMuleSoft
 
OAuth2 Protocol with Grails Spring Security
OAuth2 Protocol with Grails Spring SecurityOAuth2 Protocol with Grails Spring Security
OAuth2 Protocol with Grails Spring SecurityNexThoughts Technologies
 
IBM APIc API security protection mechanism
IBM APIc API security protection mechanismIBM APIc API security protection mechanism
IBM APIc API security protection mechanismShiu-Fun Poon
 
Restful api design
Restful api designRestful api design
Restful api designMizan Riqzia
 
Service everywhere using oracle integration repository
Service everywhere using oracle integration repositoryService everywhere using oracle integration repository
Service everywhere using oracle integration repositoryPavan B
 
#APIOps- Agile API Development powered by API Connect
#APIOps- Agile API Development powered by API Connect#APIOps- Agile API Development powered by API Connect
#APIOps- Agile API Development powered by API Connectpramodvallanur
 
Flow builder pros and cons
Flow builder pros and consFlow builder pros and cons
Flow builder pros and consMelissa Shook
 

What's hot (20)

Web server architecture
Web server architectureWeb server architecture
Web server architecture
 
Laravel Tutorial PPT
Laravel Tutorial PPTLaravel Tutorial PPT
Laravel Tutorial PPT
 
Microsoft Azure Odoo SSO Integration
Microsoft Azure Odoo SSO IntegrationMicrosoft Azure Odoo SSO Integration
Microsoft Azure Odoo SSO Integration
 
Web Application Deployment
Web Application DeploymentWeb Application Deployment
Web Application Deployment
 
How to hana_sso_kerberos
How to hana_sso_kerberosHow to hana_sso_kerberos
How to hana_sso_kerberos
 
Microsoft Web Technology Stack
Microsoft Web Technology StackMicrosoft Web Technology Stack
Microsoft Web Technology Stack
 
SAP ABAP web services creation.
SAP ABAP web services creation. SAP ABAP web services creation.
SAP ABAP web services creation.
 
Instalación del servidor web en windows server 2008
Instalación del servidor web en windows server 2008Instalación del servidor web en windows server 2008
Instalación del servidor web en windows server 2008
 
Toronto Virtual Meetup #7 - Anypoint VPC, VPN and DLB Architecture
Toronto Virtual Meetup #7 - Anypoint VPC, VPN and DLB ArchitectureToronto Virtual Meetup #7 - Anypoint VPC, VPN and DLB Architecture
Toronto Virtual Meetup #7 - Anypoint VPC, VPN and DLB Architecture
 
SAP Integration: Best Practices | MuleSoft
SAP Integration: Best Practices | MuleSoftSAP Integration: Best Practices | MuleSoft
SAP Integration: Best Practices | MuleSoft
 
OAuth2 Protocol with Grails Spring Security
OAuth2 Protocol with Grails Spring SecurityOAuth2 Protocol with Grails Spring Security
OAuth2 Protocol with Grails Spring Security
 
IBM APIc API security protection mechanism
IBM APIc API security protection mechanismIBM APIc API security protection mechanism
IBM APIc API security protection mechanism
 
Laravel Lab
Laravel LabLaravel Lab
Laravel Lab
 
Restful api design
Restful api designRestful api design
Restful api design
 
Service everywhere using oracle integration repository
Service everywhere using oracle integration repositoryService everywhere using oracle integration repository
Service everywhere using oracle integration repository
 
Introduction To Docker
Introduction To DockerIntroduction To Docker
Introduction To Docker
 
Asp.net
Asp.net Asp.net
Asp.net
 
#APIOps- Agile API Development powered by API Connect
#APIOps- Agile API Development powered by API Connect#APIOps- Agile API Development powered by API Connect
#APIOps- Agile API Development powered by API Connect
 
Flow builder pros and cons
Flow builder pros and consFlow builder pros and cons
Flow builder pros and cons
 
Webhook
WebhookWebhook
Webhook
 

Similar to How to test if Cloudflare is running live for your website

What’s New at Cloudflare: New Product Launches
What’s New at Cloudflare: New Product LaunchesWhat’s New at Cloudflare: New Product Launches
What’s New at Cloudflare: New Product LaunchesCloudflare
 
Using aphace-as-proxy-server
Using aphace-as-proxy-serverUsing aphace-as-proxy-server
Using aphace-as-proxy-serverHARRY CHAN PUTRA
 
Dynamic Content Acceleration: Lightning Fast Web Apps with Amazon CloudFront ...
Dynamic Content Acceleration: Lightning Fast Web Apps with Amazon CloudFront ...Dynamic Content Acceleration: Lightning Fast Web Apps with Amazon CloudFront ...
Dynamic Content Acceleration: Lightning Fast Web Apps with Amazon CloudFront ...Amazon Web Services
 
Cf Summit East 2018 Scaling ColdFusion
Cf Summit East 2018 Scaling ColdFusionCf Summit East 2018 Scaling ColdFusion
Cf Summit East 2018 Scaling ColdFusionmcollinsCF
 
"Running CF in a Shared Hosting Environment"
"Running CF in a Shared Hosting Environment""Running CF in a Shared Hosting Environment"
"Running CF in a Shared Hosting Environment"webhostingguy
 
Designing High Availability for HashiCorp Vault in AWS
Designing High Availability for HashiCorp Vault in AWSDesigning High Availability for HashiCorp Vault in AWS
Designing High Availability for HashiCorp Vault in AWS☁ Bryan Krausen
 
Secure Content Delivery Using Amazon CloudFront
Secure Content Delivery Using Amazon CloudFrontSecure Content Delivery Using Amazon CloudFront
Secure Content Delivery Using Amazon CloudFrontAmazon Web Services
 
DirectShare Quick Start Setup Guide
DirectShare Quick Start Setup GuideDirectShare Quick Start Setup Guide
DirectShare Quick Start Setup GuideChristian Petrou
 
Using Docker in the Real World
Using Docker in the Real WorldUsing Docker in the Real World
Using Docker in the Real WorldTim Haak
 
AWS Webcast - Best Practices for Content Delivery using Amazon CloudFront
AWS Webcast - Best Practices for Content Delivery using Amazon CloudFrontAWS Webcast - Best Practices for Content Delivery using Amazon CloudFront
AWS Webcast - Best Practices for Content Delivery using Amazon CloudFrontAmazon Web Services
 
Best practices for content delivery using amazon cloud front
Best practices for content delivery using amazon cloud frontBest practices for content delivery using amazon cloud front
Best practices for content delivery using amazon cloud frontAmazon Web Services
 
How To Securely Set Up Shipyard 2.0.10 with TLS on CoreOS
How To Securely Set Up Shipyard 2.0.10 with TLS on CoreOSHow To Securely Set Up Shipyard 2.0.10 with TLS on CoreOS
How To Securely Set Up Shipyard 2.0.10 with TLS on CoreOSVEXXHOST Private Cloud
 
Docker Security workshop slides
Docker Security workshop slidesDocker Security workshop slides
Docker Security workshop slidesDocker, Inc.
 
New Products Overview: Use Cases and Demos
New Products Overview: Use Cases and DemosNew Products Overview: Use Cases and Demos
New Products Overview: Use Cases and DemosCaitlin Magat
 
New Products Overview: Use Cases and Demos
New Products Overview: Use Cases and DemosNew Products Overview: Use Cases and Demos
New Products Overview: Use Cases and DemosCloudflare
 
Config Management Camp 2015 - How to Deploy CFEngine in the Open Internet
Config Management Camp 2015 - How to Deploy CFEngine in the Open InternetConfig Management Camp 2015 - How to Deploy CFEngine in the Open Internet
Config Management Camp 2015 - How to Deploy CFEngine in the Open InternetCFEngine
 
Configuring vpc-dns 1479227864 (2)
Configuring vpc-dns 1479227864 (2)Configuring vpc-dns 1479227864 (2)
Configuring vpc-dns 1479227864 (2)Appa Akhade
 
LASCON 2013 - AWS CLoud HSM
LASCON 2013 - AWS CLoud HSM LASCON 2013 - AWS CLoud HSM
LASCON 2013 - AWS CLoud HSM Oleg Gryb
 

Similar to How to test if Cloudflare is running live for your website (20)

What’s New at Cloudflare: New Product Launches
What’s New at Cloudflare: New Product LaunchesWhat’s New at Cloudflare: New Product Launches
What’s New at Cloudflare: New Product Launches
 
Locking Down CF Servers
Locking Down CF ServersLocking Down CF Servers
Locking Down CF Servers
 
Using aphace-as-proxy-server
Using aphace-as-proxy-serverUsing aphace-as-proxy-server
Using aphace-as-proxy-server
 
Dynamic Content Acceleration: Lightning Fast Web Apps with Amazon CloudFront ...
Dynamic Content Acceleration: Lightning Fast Web Apps with Amazon CloudFront ...Dynamic Content Acceleration: Lightning Fast Web Apps with Amazon CloudFront ...
Dynamic Content Acceleration: Lightning Fast Web Apps with Amazon CloudFront ...
 
Cf Summit East 2018 Scaling ColdFusion
Cf Summit East 2018 Scaling ColdFusionCf Summit East 2018 Scaling ColdFusion
Cf Summit East 2018 Scaling ColdFusion
 
"Running CF in a Shared Hosting Environment"
"Running CF in a Shared Hosting Environment""Running CF in a Shared Hosting Environment"
"Running CF in a Shared Hosting Environment"
 
Designing High Availability for HashiCorp Vault in AWS
Designing High Availability for HashiCorp Vault in AWSDesigning High Availability for HashiCorp Vault in AWS
Designing High Availability for HashiCorp Vault in AWS
 
Secure Content Delivery Using Amazon CloudFront
Secure Content Delivery Using Amazon CloudFrontSecure Content Delivery Using Amazon CloudFront
Secure Content Delivery Using Amazon CloudFront
 
DirectShare Quick Start Setup Guide
DirectShare Quick Start Setup GuideDirectShare Quick Start Setup Guide
DirectShare Quick Start Setup Guide
 
Using Docker in the Real World
Using Docker in the Real WorldUsing Docker in the Real World
Using Docker in the Real World
 
AWS Webcast - Best Practices for Content Delivery using Amazon CloudFront
AWS Webcast - Best Practices for Content Delivery using Amazon CloudFrontAWS Webcast - Best Practices for Content Delivery using Amazon CloudFront
AWS Webcast - Best Practices for Content Delivery using Amazon CloudFront
 
Best practices for content delivery using amazon cloud front
Best practices for content delivery using amazon cloud frontBest practices for content delivery using amazon cloud front
Best practices for content delivery using amazon cloud front
 
How To Securely Set Up Shipyard 2.0.10 with TLS on CoreOS
How To Securely Set Up Shipyard 2.0.10 with TLS on CoreOSHow To Securely Set Up Shipyard 2.0.10 with TLS on CoreOS
How To Securely Set Up Shipyard 2.0.10 with TLS on CoreOS
 
Docker Security workshop slides
Docker Security workshop slidesDocker Security workshop slides
Docker Security workshop slides
 
New Products Overview: Use Cases and Demos
New Products Overview: Use Cases and DemosNew Products Overview: Use Cases and Demos
New Products Overview: Use Cases and Demos
 
New Products Overview: Use Cases and Demos
New Products Overview: Use Cases and DemosNew Products Overview: Use Cases and Demos
New Products Overview: Use Cases and Demos
 
Config Management Camp 2015 - How to Deploy CFEngine in the Open Internet
Config Management Camp 2015 - How to Deploy CFEngine in the Open InternetConfig Management Camp 2015 - How to Deploy CFEngine in the Open Internet
Config Management Camp 2015 - How to Deploy CFEngine in the Open Internet
 
FreeBSD and Hardening Web Server
FreeBSD and Hardening Web ServerFreeBSD and Hardening Web Server
FreeBSD and Hardening Web Server
 
Configuring vpc-dns 1479227864 (2)
Configuring vpc-dns 1479227864 (2)Configuring vpc-dns 1479227864 (2)
Configuring vpc-dns 1479227864 (2)
 
LASCON 2013 - AWS CLoud HSM
LASCON 2013 - AWS CLoud HSM LASCON 2013 - AWS CLoud HSM
LASCON 2013 - AWS CLoud HSM
 

Recently uploaded

原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查ydyuyu
 
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu DhabiAbu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu DhabiMonica Sydney
 
一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理F
 
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime BalliaBallia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Balliameghakumariji156
 
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime NagercoilNagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoilmeghakumariji156
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdfMatthew Sinclair
 
一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理F
 
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...kajalverma014
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdfMatthew Sinclair
 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtrahman018755
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdfMatthew Sinclair
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查ydyuyu
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样ayvbos
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfJOHNBEBONYAP1
 
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrStory Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrHenryBriggs2
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC
 
Best SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency DallasBest SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency DallasDigicorns Technologies
 
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsMonica Sydney
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsMonica Sydney
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制pxcywzqs
 

Recently uploaded (20)

原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
 
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu DhabiAbu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
 
一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理
 
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime BalliaBallia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
 
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime NagercoilNagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
 
一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理
 
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirt
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
 
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrStory Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
Best SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency DallasBest SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency Dallas
 
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
 

How to test if Cloudflare is running live for your website

  • 1. How to test if Cloudflare is running live What you and your team should know Vu Long Tran, Customer Success
  • 2. What we’ll cover: How-To Better Integrate with Cloudflare Step 1 - Local Testing Step 2 - Subdomain Testing - Internet Wide How do I know Cloudflare is active on my site? Troubleshooting/ Validating Cloudflare Common Troubleshooting Commands
  • 3. How do I know Cloudflare is active on my site?
  • 4. How do I know Cloudflare is active on my site? Response: An easy way to confirm Cloudflare is active and resolving your site is to run a DNS lookup with a command like dig or nslookup. Here is an example command you can run: dig vulongtran.com +trace You can also use a third party site to check the site’s DNS like https://www.whatsmydns.net/ If Cloudflare is active, the site should resolve from Cloudflare IPs as a result of activation and using its services. <Provide output of dig command here to show the customer if the site is resolving from CF IPs>
  • 5. Cloudflare Trace Verify a site is running through Cloudflare. You can choose to run Cloudflare trace in your web browser: eg. vulongtran.com (replace this with your domain name) www.vulongtran.com/cdn-cgi/trace Response example you should see (if it is running on Cloudflare): fl=35f98 h=www.vulongtran.com ip=2406:3000:11:1022:292e:8f4c:eabe:8684 ts=1490256258.534 visit_scheme=http uag=Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 colo=SIN spdy=off http=http/1.1 loc=SG support@cloudflare.com
  • 6. Claire - Cloudflare Plugin for Chrome You can also use a Chrome extension called Claire that can be used to quickly verify sites using Cloudflare Grey cloud sites are not utilizing our services and orange clouds are utilizing Cloudflare
  • 7. Check CF-Ray Response Header with Claire support@cloudflare.com
  • 8. Check CF-Ray Response Header using Developer Tools https://developer.chrome.com/devtools support@cloudflare.com
  • 9. Check CF-Cache-Status Response Header support@cloudflare.com - For cached objects you will also see CF-Cache-Status response Header
  • 10. HTTP Headers - Chrome Browser plugin support@cloudflare.com
  • 11. STEP 2 - Subdomain Testing - Internet Wide How to test if it is working locally STEP 1 - Local Testing
  • 12. Overview - Routing through Cloudflare requires a DNS settings change support@cloudflare.com Full Cloudflare’s robust, global and fast DNS becomes your authoritative DNS provider. Pros: ● Cloudflare accelerates & protects your apex (root) domain along with subdomains ● Leverages Cloudflare’s network for DNS which is very fast, highly available, and resilient to DNS based attacks. Cons: ● Changing the authoritative provider is not always possible for organizations. CNAME You keep your primary DNS provider and link individual subdomains to Cloudflare. Pros: ● Involves small change and allows only subdomains to be sent through Cloudflare Cons: ● We cannot protect your apex (root) domain ● An attacker may overwhelm your authoritative DNS provider which will cause all DNS functions to fail including the CNAME to Cloudflare There are two ways to connect to Cloudflare:
  • 13. STEP 1 - Local Testing How to test if it is working locally
  • 14. ## # Host Database ## 127.0.0.1 localhost ... 198.41.209.86 example.com 198.41.209.86 www.example.com 198.41.209.86 secure.example.com Cloudflare IP addresses: The Cloudflare IP address must be valid for the domain/zone being tested. They can be found by testing the DNS resolution for any orange-clouded DNS record in the domain, or by a Cloudflare employee. 1. Open your Host File a. Windows 8 (As Admin): C:WindowsSystem32Driversetchosts b. OSX: /private/etc/hosts 1. Put in a Valid Cloudflare IP Address assigned for your domain/subdomain 1. You may need to flush the OS DNS Cache a. Windows: ipconfig /flushdns b. OSX: How to Flush OSX DNS 1. You may need to flush the browser DNS Cache: a. Chrome: In Chrome URL bar type: chrome://net-internals/#dns b. Safari: From Safari Menu Select: Safari > Empty Cache. 1. Check CF-RAY response header as described on slides above How-To test locally using your Hosts file support@cloudflare.com
  • 15. 1. Find Cloudflare IPs assigned to your domain Requires to do DNS lookup on orange clouded subdomain *(If you don’t have an orange clouded subdomain you can create a test subdomain, eg. test.vulongtran.com which can be orange clouded) Run the following command: for Mac: dig www.vulongtran.com.cdn.cloudflare.net for Windows: nslookup www.vulongtran.com.cdn.cloudflare.net example of response: ;; ANSWER SECTION: www.vulongtran.com.cdn.cloudflare.net. 300 IN A 104.28.18.100 www.vulongtran.com.cdn.cloudflare.net. 300 IN A 104.28.19.100 1. Put one of Cloudflare IPs from response above for your domain/subdomain into Hosts file and save it 1. Flush the OS DNS Cache and Flush the browser DNS Cache 1. Check the CF-RAY response header as described in slides above support@cloudflare.com How-To test locally using your Hosts file
  • 16. STEP 2 - Subdomain Testing - Internet Wide How to test if it is working locally
  • 17. Adding Subdomain - Internet Wide support@cloudflare.com 1. Enable Cloudflare (orange clouded) for one of the testing subdomains in order to perform internet wide testing, eg. test.vulongtran.com 1. Route Public DNS queries for the subdomain to Cloudflare performing in one the two ways below: a. If using a 3rd party as Authoritative DNS, then create a CNAME record which points to Cloudflare: eg. test.vulongtran.com CNAME to test.vulongtran.com.cdn.cloudflare.net b. If using Cloudflare as Authoritative DNS, then orange cloud subdomain record, eg. test.example.com 3. Check the CF-RAY response header as described in slides above Make sure for performing this test any Local testing configuration should be cleared out
  • 18. Adding Subdomain under Cloudflare UI support@cloudflare.com
  • 19. How-To Better Integrate with Cloudflare Whitelist Cloudflare IPs to ensure your firewalls are not blocking our services
  • 20. Preparing your network ● Configure firewalls to prevent access to your servers, load balancers, and other infrastructure from non- Cloudflare IP addresses This means whitelisting Cloudflare IPs in your Access Control List to prevent rate-limiting or false positives from any intrusion detection systems. ● Prevents attackers from recording/recognizing the “fingerprints” of your hardware when probing your IPs Restoring original user IP addresses ● HTTP requests will be coming from Cloudflare, instead of the actual users. Cloudflare adds “CF- Connecting-IP” and standard “X-Forwarded-For” headers to all request ● Nginx, Apache, and IIS configs to switch the logged IP are available. ● You can find out how to easily restore the originating IP address here! How-To Better Integrate with Cloudflare
  • 22. Cloudflare Custom Headers Cloudflare provides custom headers and cookies for debugging, visitor information and improved security. Header How we use it Example value CF-Ray This Cloudflare specific header is a unique identifier for every request passing through Cloudflare and is used primarily for debugging. 13b9eb04dff503dc-DFW CF-IPCountry The standard identifying header for the originating protocol of an HTTP request. Cloudflare may communicate with a web server using HTTP even if the request to the reverse proxy is HTTPS. US Cookie How we use it Example value cfduid This cookie is used by Cloudflare to apply security decisions to users that may share the same IP address (such as in a coffee shop). It does not correspond to any user id, nor does the cookie store any personally identifiable information. d88dfb702206c2326978 0….115252
  • 23. Cloudflare Custom Headers Cloudflare adds host headers to supplement the redirect standards. You may also need to restore the originating IPs. (Here’s How) Header How we use it Example value X-Forwarded-For The standard identifying header for the originating IP address of a client connecting through an HTTP proxy. 173.245.57.22 X-Forwarded-Proto The standard identifying header for the originating protocol of an HTTP request. Cloudflare may communicate with a web server using HTTP even if the request to the reverse proxy is HTTPS. https CF-Connecting-IP This Cloudflare specific header is also used for identifying the originating IP address of a client connecting to your web server through Cloudflare. 173.245.57.22 CF-Visitor This Cloudflare specific header is also used for identifying the originating protocol of an HTTP Request. {"scheme":"https"}
  • 24. ## # Host Database ## 127.0.0.1 localhost ... 198.41.209.86 example.com 198.41.209.86 www.example.com 198.41.209.86 Cloudflare IP addresses: The Cloudflare IP address must be valid for the domain/zone being tested. They can be found by testing the DNS resolution for any orange-clouded DNS record in the domain, or by a Cloudflare employee. 1. Open your Host File a. Windows 8 (As Admin): C:WindowsSystem32Driversetchosts b. OSX: /private/etc/hosts 1. Put in a Valid Cloudflare IP Address for your domain or subdomain 1. You may need to flush the OS DNS Cache a. Windows: ipconfig /flushdns b. OSX: How to Flush OSX DNS 2. You may need to flush the browser DNS Cache: a. Chrome: In Chrome URL bar type: chrome://net-internals/#dns a. Safari: From Safari Menu Select: Safari > Empty Cache. 1. Use curl to confirm Cloudflare headers and traversal a. curl -s -D - www.example.com -o /dev/null 1. Visit your website to confirm using your browser. How to test locally with a Hosts file
  • 25. How to test with basic commands Unix command line tools curl for HTTP: $ curl -vso /dev/null https://www.vulongtran.com dig for DNS: $ dig www.vulongtran.com traceroute for network: $ traceroute cloudflare.com Cloudflare CDN-CGI Trace: Provides additional request information. http://www.vulongtran.com/cdn-cgi/trace Chrome Developer Tools: https://developer.chrome.com/devtools Chrome extension HTTP Headers: https://chrome.google.com/webstore/search-extensions/http%20headers fl=4f50 h=vulongtran.com ip=2400:cb00:f00d:5ca1:5de6:39e9:e420:57e3 ts=1418940964.884 visit_scheme=http uag=Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 colo=SJC spdy=off 0 $ dig +short TXT vulongtran.com "123456789-1234567"
  • 27. No traffic is on Cloudflare What happened: CNAME: Traffic may be routing to a root domain or other A record Full Domain: Customer has not turned Cloudflare on for the subdomain What can you do: CNAME: For root domains add a redirect to www on your origin server; for all other A records – change to a CNAME Full Domain: Make sure the cloud is toggled to orange (not grey) Test the subdomain by running a ‘nslookup’ in Windows or ‘dig’ in Linux/Mac
  • 28. Not seeing traffic through Cloudflare What happened: Full Domain: Name servers have not been propagated yet to Cloudflare name servers What can you do: Full Domain: Wait until Name Servers are propagated. A standard DNS propagation takes 24 - 48 hrs Use www.whatsmydns.net in order to check propagation around the world Contact Cloudflare Support at support.cloudflare.com
  • 29. Common Cloudflare error messages Cloudflare Support > Knowledge Base > Cloudflare Error Messages Error Code Reason 1001 DNS Resolution Error: Either the customer recently signed up and DNS has not yet propagated, or whomever is managing the DNS has a failure 521 Origin web server refused connection from Cloudflare. Either origin web server is not running, or something is blocking Cloudflare IP addresses 522 Connection timeout to the origin server (30 second default). Cloudflare IPs may be rate limited, web server may be consuming all resources (shared server), or there may be network connectivity issues between web server and Cloudflare 523 Origin server is unreachable. Make certain that the origin IP address for the A record is the same as in the Cloudflare DNS Settings page 524 Cloudflare could make TCP connection but did not receive response from the web server. Long running application or database query is interfering
  • 30. Information Gathering and Escalation When reporting any errors or questions that require escalation to support@cloudflare.com, the most helpful pieces of information to provide to Cloudflare are: • RayID [All 52x Errors] • URI requested [All 52x Errors and Performance] • Traceroute/MTR from impacted location/machine [Network/Performance, 521, 522, and 523 errors] • HAR File (HTTP Archive File) [520 and 524 errors] • Test Links from http://webpagetest.org/ [Performance] Please be sure to include the above information to avoid repeated communication and secure the quickest resolution time possible.
  • 32. Common Troubleshooting Commands • Command Line Interface (CLI) commands to use: • dig (DNS Tool) • cURL (HTTP Tool) • MTR/Traceroute (Network Tool) • HTTP Archive Files (HAR) • Web Page Performance Test Sites: • Web Page Test
  • 33. Using DIG (Domain Information Groper) dig is a command line tool similar to nslookup that is used to run DNS queries and check DNS records for a given domain/website. The schema of this command is: dig <recordtype> <domainname> <options> Here are example commands that can be used to lookup the DNS information of a given website: dig example.com dig example.com +trace dig NS example.com
  • 35. Using cURL cURL is a command line tool use to transmit data using URL syntax. Specifically with Cloudflare Support, this command is used to make HTTP requests and compare server responses. The schema for this command is: curl –option1 –option2 http://www.vulongtran.com/url Here are some example cURL commands used to check server responses: curl –svo /dev/null http://www.vulongtran.com/ curl –svo /dev/null --user-agent “USERAGENTSTRING” http://www.vulongtran.com/ curl –svo /dev/null --header “Host: www.vulongtran.com” http://ORIGINIP/ curl –svo /dev/null --header http://www.vulongtran.com --resolve www.vulongtran.com:80:ORIGINIP More detailed instructions here Using cURL with Cloudflare
  • 37. Using MTR/Traceroute MTR/Traceroutes are network based command line tools used to measure performance/latency on a particular path to a given host/destination. Here are examples of both commands: mtr -rwc 30 IPADDRESS/HOSTNAME traceroute IPADDRESS/HOSTNAME
  • 39. Generating a HAR File A HAR file is a recording of HTTP requests ran from a web browser. Here is an example of a recording being done from within Chrome’s dev tools: Instructions can be found on Cloudflare’s KB: How do I generate a HAR File?
  • 40. Getting more involved with Cloudflare • Blog: Continual updates on the Company, product features, and service/industry news. • Knowledge Base: Collection of Support, technical, and reference articles on Cloudflare’s service suite. • Status Page: Live feed of any ongoing events on Cloudflare’s network/services. • Community: A place for Cloudflare users to engage with each other and with Cloudflare staff.