# Configure with CloudFlare

CloudFlare is a reverse proxy service that can protect a web server from attacks. This tutorial will configure CloudFlare to protect a Pritunl server. For a secure configuration, a valid SSL certificate should be configured on the Pritunl server, which can easily be done with Let's Encrypt. Once a valid SSL certificate is configured on the Pritunl server, enable *Allow Reverse Proxy* in the server settings and set the *Web Console Port* to *443*.

![](/files/BGzQGGwHh82GnRBfli1r)

After the Pritunl server is configured, enable CloudFlare for the Pritunl DNS entry in the CloudFlare settings.

![](/files/qXisUS9XDnKWlVhYY2kK)

In the *Crypto* tab, set *SSL* to *Full (strict)* if a valid SSL certificate is configured on the Pritunl server, or *Full* if a self-signed certificate is used.

![](/files/RqedjV8oX7tD9smNb2z7)

In the *Firewall* tab, disable *Browser Integrity Check* under *Web Application Firewall* settings.

![](/files/PiH8QXACtKTzSMEUJ4gb)

Once configured, CloudFlare will help protect the Pritunl server from attacks. Further restrictions, such as IP ranges, can also be added to improve the security of the server.

### CloudFlare IP Ranges

It is important to configure the firewall of the Pritunl server to only allow access from CloudFlare's IP ranges. If this is not done, an attacker could attack the IP address of the Pritunl server directly, avoiding any of the protections provided by CloudFlare. The [CloudFlare IP Ranges can be found here](https://www.cloudflare.com/ips/).
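One way to apply this restriction with nftables, as an added example that is not part of the Pritunl documentation: the script below turns a list of CIDR ranges (one per line) into a ruleset that accepts TCP 443 only from those ranges and drops it from everywhere else. The table name `pritunl_web` is hypothetical, and the sample ranges are constructed documentation addresses, not CloudFlare's real ranges.

```shell
#!/bin/sh
# Added example (not from the Pritunl docs): turn a CIDR list into an nftables
# ruleset that accepts TCP 443 (the Web Console Port) only from those ranges.

# Constructed sample input: RFC 5737 / RFC 3849 documentation ranges, NOT
# CloudFlare's real ranges. Use the list from https://www.cloudflare.com/ips/.
SAMPLE_RANGES='# constructed sample
198.51.100.0/24
203.0.113.0/24
2001:db8::/32
not-a-range; accept'

# Keep only lines that are a bare CIDR of the requested family ($1 = 4 or 6)
# and join them with commas. Anything else is dropped, so stray text in the
# list can never end up inside the generated rules.
cidr_set() {
  if [ "$1" = 6 ]; then
    pat='^[0-9A-Fa-f:]*:[0-9A-Fa-f:]*/[0-9]{1,3}$'
  else
    pat='^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$'
  fi
  grep -E "$pat" | paste -sd, -
}

# Read the CIDR list on stdin, write the ruleset on stdout.
# "pritunl_web" is a hypothetical table name chosen for this example.
gen_ruleset() {
  ranges=$(cat)
  v4=$(printf '%s\n' "$ranges" | cidr_set 4)
  v6=$(printf '%s\n' "$ranges" | cidr_set 6)
  # Refuse to emit a ruleset that would lock everyone out of port 443.
  if [ -z "$v4$v6" ]; then
    echo "no valid CIDR ranges in input" >&2
    return 1
  fi
  echo 'table inet pritunl_web {'
  echo '  chain input {'
  echo '    type filter hook input priority 0; policy accept;'
  if [ -n "$v4" ]; then echo "    tcp dport 443 ip saddr { $v4 } accept"; fi
  if [ -n "$v6" ]; then echo "    tcp dport 443 ip6 saddr { $v6 } accept"; fi
  echo '    tcp dport 443 drop'
  echo '  }'
  echo '}'
}

printf '%s\n' "$SAMPLE_RANGES" | gen_ruleset
```

Only TCP 443 is touched, so VPN server ports and SSH keep whatever rules the existing firewall gives them. Review the generated ruleset before loading it with `nft -f`, and regenerate it when the published ranges change.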

### Configuration Sync

When configuring load balancing the clients will not be able to access the hosts directly to sync the configuration. This is fixed by setting the *Sync Address* in the host settings to the domain name used on CloudFlare.

