We are trying to use Sucuri for its WAF to help us have control over Custom Security Headers for our Webflow projects. However, we continue to get the error in the image. We have configured all the settings that we can and have not been able to resolve this yet. Has anyone else tried to do this? Appreciate all help!
Hey Jacob,
I don’t have any advice regarding Sucuri configurations, but just to mention, you can do this in Cloudflare for free.
Thanks @memetican . We have looked at doing this as well, but this would require moving control of clients DNS over to Cloudflare as well, right? We are trying to avoid doing that.
Yes that’s correct. Cloudflare’s DNS is top-notch and free, but there’s no way to do a “partial” DNS move unless you’re on an enterprise plan.
@memetican We did some testing with this and found that we still not were able to make this work on Cloudflare. Due to having to set DNS to proxy, in order for the Headers to take effect. But then, doing this breaks the site and it is no longer reachable.
Sounds like a configuration issue, probably SSL related.
Finsweet has a public git repo for their reverse proxy build, with notes on the correct SSL-friendly setup. It’s the same config I used when I first encountered on Milkmoon’s agency blog.
If you need some help reviewing it, shouldn’t take more than an hour or two to setup and debug everything fully. Drop me a message and I can give you my details.
