I’m looking into putting CloudFlare out in front of a site so we can block unwanted traffic and have an extra layer of protection from DDoS attacks etc etc. I see that Pantheon recommends we use the “DNS only” approach. I did this and then added my own IP address to be blocked with a firewall rule… but I wasn’t block.
So then some googling and I found this [Firewall Rules on IP address not working - Security - Cloudflare Community] which tells me I have to implement CloudFlare as a proxy instead of DNS only. So it appears I need to use Option 2 [https://pantheon.io/docs/cloudflare] but I’m wary of the affect this will have on cache invalidation… would I then need to do extra work in Drupal to invalidate CloudFlare CDN cache?
Thanks for the pro tips!