Technical Overview – Cloudflare Enterprise Offer

This document outlines the main features, protections, and optimizations included in the Cloudflare Enterprise offering, as well as available options.

1. Setup and Core Protections

When a website is onboarded to Cloudflare with proxy mode enabled, the following actions are automatically applied:

  • Masking of origin server IP to enhance security
  • Static content caching (images, JavaScript, CSS) via the global CDN
  • DDoS protection, with automatic mitigation of common attack patterns
  • Web Application Firewall (WAF) with pre-configured security rules to block suspicious traffic with:
    • Cloudflare Managed Ruleset
    • Cloudflare OWASP Core Ruleset
    • Cloudflare Leaked credentials Check
  • Automatic image optimization through the Polish feature (see section 3) These measures apply to all traffic routed through Cloudflare and require minimal configuration.

2. Bot and Crawler Traffic Management

Cloudflare does not block verified or “good” bots (such as search engine crawlers) by default. However, traffic surges caused by bots can lead to server overload. Cloudflare Enterprise includes features to control this:

  • Rate Limiting: Define thresholds for request frequency to prevent abuse
  • Custom rules to control bot access or behavior
  • Analytics tools to monitor and fine-tune traffic management

These protections can be adapted based on the website’s usage patterns and technical constraints.

3. Image Optimization – Polish Feature

The Polish feature, included in the Enterprise plan, provides:

  • Automatic image compression (lossless or lossy, depending on configuration)
  • Removal of EXIF metadata (e.g., GPS, device information)
  • CDN-level caching, respecting Cache-Control headers
  • No bandwidth or volume limitations
  • Transparent delivery with no visual impact for users

This optimization helps reduce bandwidth usage and improve page load times.

4. Human Verification and CAPTCHA Challenges

Cloudflare may trigger CAPTCHA or challenge pages when IPs exceed defined thresholds. This is part of its protection system against abusive or suspicious activity.

  • By default, rate-limiting policies can cause temporary challenges for high-frequency users
  • Challenge Passage is available for less intrusive protection
  • Rules can be adjusted to reduce friction for known or trusted visitors

These controls are customizable to balance security and user experience.

The offer is subject to change based on features that Cloudflare may offer in the future, as well as customer feedback and requests.