CloudFlare and E-commerce sites

We get a number of questions about using CloudFlare with e-commerce sites in customer service. CloudFlare works great at making e-commerce sites faster and protecting them against attacks. I thought I would try to address many of the key questions in a handy guide that you can use to reduce the probability of having issues with your e-commerce site.

Immediate steps after installing CloudFlare

Whitelist CloudFlare's IP addresses

You should make sure that you don't have any rules in your .htacess or iptables that are blocking CloudFlare's requests from our IPs. If you have other security solutions in place prior to joining CloudFlare, these may interfere with CloudFlare's ability to connect to your site. Whitelisting our IP ranges will help avoid "Site Offline" messages caused when we cannot reach your server from our network. You can find
the current list of CloudFlare's IPs in our FAQ.

Restoring Original Visitor IP

CloudFlare works as a reverse proxy, which means traffic passes through our network where it is cleaned and accelerated before being passed on to your origin server. This means that, by default, your server will usually see a CloudFlare IP. Since e-commerce sites have a lot of reasons to see a visitor's original IP (e.g., preventing credit card fraud, customizing content based on a visitor's geo location, etc.), sites using CloudFlare can benefit from using one of the quick and easy techniques to show visitor IPs to server logs. All our hosting provider partners have already installed mod_cloudflare, or an equivalent, so if you're using one of them you should be set.

SSL and CloudFlare

Since traffic passes through CloudFlare before going to your origin server, if you use SSL on your site you'll either need to set it up on a domain that isn't proxied through CloudFlare, or we'll need to install a
SSL certificate for your domain on our network. We've worked with one of the oldest certificate authority partners to make SSL certs that work on our network easy and inexpensive. The full process for SSL and CloudFlare is outlined here.


While CloudFlare will generally get many common subdomain records during
the process in which you add a domain, customized subdomains may not be picked up and you should make sure that these are correctly added in your CloudFlare DNS settings. In other words, if you have some part of your site hosted at, just make sure you add it when you first set up your site.

Some frequently asked questions or concerns from e-commerce site owners

1. Will dynamic content be affected using CloudFlare?

CloudFlare will not hurt dynamic content performance at all. Since CloudFlare only caches static
, such as images and CSS, we wouldn't cause any issues for HTML or PHP. In fact, our system was written to be able to optimize dynamic content with options like minification on the fly without slowing it down or
requiring it to be cached. This means any changes you make to your content are reflected immediately on your site.

2. Will IP geolocation work with CloudFlare?

CloudFlare includes the geo location of visitors in the header of every request so if you don't already run a geo location database you can extract this information and begin using it. If you already do geo location based on IPs, you can continue it exactly as before as long as you are on one of CloudFlare's hosting provider partners or you are using one of the quick and easy techniques to retrieve your visitor's original IP address.

3. How does CloudFlare cache content?

CloudFlare caches static
based on the file extension of the content (for example, images and css on your site). So your company's logo will get cached, but if you update the pricing or an item's description on your site it will show up immediately. We quickly detect even changes to static files like images, but if you ever need to clear the cache you can do so with a single
click of the "Purge Cache" button on the CloudFlare

Thousands of e-commerce sites use CloudFlare to better sell goods online. If you have any questions about your particular site, don't hesitate to contact us with any questions.