Cloudflare App

🚧

Cloudflare Apps will be sunset soon

Cloudflare Apps are deprecated.

We recommend you to follow the Cloudflare Worker guide instead for new installations.

This module is dedicated to be used on Cloudflare, using the App with Workers feature.

Installation

Prerequisites

Protect your traffic

  1. Connect to your Cloudflare console .
  2. Select the website you can to protect.
  3. Click on Apps at the lower left side of the console.
Go the the Apps page.

Go the the Apps page.

  1. Click on Search Apps.
 Select Search Apps field.

Select Search Apps field.

  1. Search for DataDome.
  2. Click on the the app, then on Preview on your site .
Go to the DataDome App presentation page.

Go to the DataDome App presentation page.

📘

Identify your DataDome account with OAuth

We recommend to use OAuth to identify your DataDome account.
Refer to this section for an alternative solution.

  1. Click on Login or Register to link your existing DataDome account to your Cloudflare account or to create a new account on DataDome.
Login or Register with OAuth.

Login or Register with OAuth.

  1. Enter your DataDome credentials to log in or sign up.
Sign up to DataDome.

Sign up to DataDome.

  1. Click on Install on all pages button found at the bottom of the page.

Congrats! You can now see your traffic in your DataDome dashboard.

Configuration

Access advanced for both server-side options and client-side options in the App Editor by checking the Optional settings boxes.

Advanced app options.

Advanced app options.

Refer to the next Settings section for the full list of possible configuration settings.

Settings

Server-side settingDescriptionRequiredDefault
Server-side keyYour DataDome server side key, found in your Dashboard.Yes""
TimeoutThe request timeout to DataDome API, in millisecondsNo300
Static assets URI exclusion regex for Server-side detectionRegular expression to exclude URIs from the DataDome analysis. Only executed for GET and HEAD requests.OptionalList of excluded static assets below
URL inclusion regex for Server-side detectionRegular expression to include URIs in the DataDome analysed traffic
(ex. "/https:\/\/sub\.domain\.com\/my\/path/i")
Optional""
URL exclusion regex for Server-side detectionRegular expression to exclude hostnames from the DataDome analysis
(ex: "/https:\/\/sub\.domain\.com\/my\/path/i")
Optional""
IPs exclusion for server-side detectionList of IPs. The traffic sent from these IPs will not be sent to DataDome.
ex: ["192.168.0.1", "192.168.0.2"]
Optional""
GraphQL supportIf checked, extract GraphQL operation name and type on request to a /graphqlendpoint to improve the protection.Optionalfalse
Enable DataDome logsIf checked, some debug information about our API response is added inside a new header X-DataDome-log.Optional - for debug purposes only
/\.(avi|flv|mka|mkv|mov|mp4|mpeg|mpg|mp3|flac|ogg|ogm|opus|wav|webm|wep|bmp|gif|ico|jpeg|jpg|png|svg|svgz|swf|eot|otf|ttf|woff|woff2|css|less|js)$/i
Client-side settingDescriptionRequiredDefault
Client-side keyYour DataDome client-side key, found in your DashboardYes""
Client-side advanced optionsJSON object describing JS Tag options.No""
URL exclusion regex for Client-side detectionRegular expression to not add the JS Tag to the pages matching the URL pattern.
(ex: "/https:\/\/sub\.domain\.com\/my\/path/i")
Optional""
URL inclusion regex for Client-side detectionRegular expression to add the JS Tag to the pages matching the URL pattern.(ex: "/https:\/\/sub\.domain\.com\/my\/path/i")Optional""
Client-side tag URLURL of the JS Tag. Change default value to include the tag as a first party.Optional""
Client-side endpoint URLURL of the JS Tag endpoint. Change default value to include the tag as a first party.Optional""

Update

  1. Connect to your Cloudflare console and go to the Apps section.
  2. Click on Your installed Apps.
  3. If there is a new version of DataDome available, click on Update.
Go to the Installed Apps page.

Go to the Installed Apps page.

  1. Verify your settings.
  2. Click on Save changes on all pages.

Congrats! Your app is updated!

Your changes have been saved.

Your changes have been saved.

FAQ

How can I configure the JS Tag to support AJAX calls?

DataDome requires the configuration of a listener to protect AJAX calls.

To do so, configure the value of Client-side Protection Options as follow:

  • Configuration of the listener for a single endpoint:
{ "ajaxListenerPath" : "domain/api"}
  • Configuration of the listener for multiple endpoints:
{ "ajaxListenerPath" : ["domain1/api", "domain2", "domain3"] }

How can I disable the rate limiting feature of my Cloudflare site DataDome module is activated?

📘

Burst rate

Accounts using the Workers free plan are subject to a burst rate limit of 1000 requests per minute.

DataDome module relies on Cloudflare Worker technology.
When used on websites with a lot of traffic, it may trigger an internal Cloudflare limit for Workers.

This can be inspected in Cloudflare firewall events.

If you are impacted by this limitation, please contact the Cloudflare support in order to lift this limit on your account:

  1. Log in your account.
  2. Click on the Support drop-down menu.
Support drop-down menu.

Support drop-down menu.

  1. Log in your Cloudflare support site.
  2. Select My Activities & Requests to access the Submit a Request button.
My activities and requests button.

My activities and requests button.

  1. Click on Get additional help.
Click to file a support ticket.

Click to file a support ticket.

  1. Create a new support ticket with a clear summary (ex: Rate Limiting on Cloudflare app).
Set a clear summary for the ticket.

Set a clear summary for the ticket.

  1. Fill in the description with an explanation text such as the example below:
Hello,

We enabled DataDome Cloudflare app on our domain.

To make sure that Cloudflare rate limiting feature will not affect the behavior of this app
(blocking subrequests to its web servers).
Could you please disable the rate limiting feature for all requests toward the host 
api-cloudflare.datadome.co?
  
This is a known issue regarding workers embedded in apps, that has already been handled by Cloudflare
support for other DataDome customers.

Regards,

  1. Review your content and submit the ticket.

How can I avoid OAuth to login on DataDome?

Enter the server-side and client-side keys found in your Dashboard in the appropriate fields.

579

Enter the DataDome keys.