If you use your own Cloudflare account for your site here at Kinsta, there are a few things to be aware of when it comes to Cloudflare settings and compatibility with Kinsta’s Cloudflare integration. This article will explain some setting behaviors, including caching, Cloudflare apps, and other Cloudflare services and features.
While some setting types give your Cloudflare account first priority (and the ability to override our Kinsta Cloudflare integration settings), this isn’t true for all features. We’ll do our best to go over each here.
Comparison of Cloudflare Settings With Kinsta’s Cloudflare Integration
|Setting or Feature||Your Cloudflare Account||Kinsta Cloudflare Integration|
|APO||This should work as expected.**||APO isn’t enabled in our Cloudflare integration.|
|Apps||Works.||Apps aren’t used with our Cloudflare integration, but you can use and manage them in your Cloudflare account.|
|Argo Smart Routing||Not supported.||Not enabled.|
|Argo Tunnel||Not supported.||Not supported.|
|Auto Minify||Works||Can be enabled in Cloudflare and Kinsta’s CDN, but there’s no benefit to enabling it in both.|
|Bot Management||This should work as expected.||Not enabled, but can be enabled and managed in your Cloudflare account. Note: A configuration that is too strict may block legitimate traffic.|
|Brotli||Settings ignored.||Enabled and cannot be overwritten by settings in your Cloudflare account.|
|Caching||Works.||Custom caching rules are implemented with our Cloudflare integration. See the Cache Details section below for priority details.|
|Cloudflare Access||This should work as expected.**||Not enabled.|
|Firewall / WAF||Works.||Works. Rules can be in place in both your account and our Cloudflare integration. See the Firewall / WAF Details section below for priority details.|
|Page Rules||Works.||Works, but we don’t set Page Rules for individual sites. Page rules set in your Cloudflare account are applied first in priority.|
|Polish + Webp||Works.||Not enabled.|
|Rocket Loader||Works.||Not enabled, but will work if you turn it on in your Cloudflare account (your account’s settings have priority).|
|SSL||Works.||Free wildcard SSL is installed by default with our Cloudflare integration. You can also upload a custom SSL to Cloudflare (through MyKinsta) if you want.|
|Waiting Room||This should work as expected.**||Not enabled, but can be enabled in your Cloudflare account.|
|Websocket||Not supported.||Not supported.|
|Workers||Works.*||Traffic goes through your Cloudflare account’s Worker as the first priority.|
* It works, but due to the nature of Workers, Kinsta cannot control how your Worker code manipulates the original request or response. This could lead to an error returned from your Worker code directly (not from the Kinsta container).
** Cloudflare has stated it should work, but it hasn’t been tested by Kinsta
You can have your own cache rules in your Cloudflare account, and these should generally work fine with Kinsta’s cache rules. However, there is potential for conflicts, depending on the rules you set in your account.
Cache purging should work both in your Cloudflare account and through MyKinsta (Tools > Clear cache). Note: With an additional layer of cache, you may need to clear cache in multiple places when making changes to your site.
If unexpected cache behavior is seen, open a new chat with our Support team and provide your exact Cloudflare cache settings so we can review and advise.
Firewall / WAF Details
The Firewall / WAF settings in your Cloudflare account are applied first, followed by settings in our Cloudflare integration. This means if we block an IP address, your account’s settings cannot override that, and the request will be blocked by our Cloudflare integration.
You can block an IP address in your Cloudflare account, and it will be blocked and will not make it to our Cloudflare integration. So, you can tighten your firewall / WAF settings beyond what we have configured with our Cloudflare integration, but you cannot loosen settings or allow IP addresses that Kinsta has blocked.