DNS, Cloudflare proxy, and origin reachability
Established the foundational hostname and Cloudflare DNS/proxy configuration so the site could be reached through Cloudflare rather than directly through the origin.
Open Lab 1Cloudflare hosted project
Cloudflare SE Lab Project
Edge, DNS, routing, Pages, Functions, cache behavior, security controls, R2 object access, and Zero Trust private application access in one clean lab site.
This project demonstrates a progressively built Cloudflare lab environment for validating DNS, proxy behavior, redirects, Cloudflare Pages, Pages Functions, static assets, response headers, diagnostics, cache-related behavior, WAF enforcement, rate limiting, private object access, and identity-aware application protection.
9
Completed labs
3
Utility pages
1
Cloudflare Pages site
Edge
Cloudflare delivery model
Completed Lab Summaries
Each lab has its own dedicated page with demonstrable content where applicable, plus both a technical summary and a customer-facing explanation.
Redirect behavior and hostname consolidation
Implemented and validated redirect behavior so traffic could be routed cleanly from the app hostname to the canonical web hostname and path.
Open Lab 2Cloudflare Pages and Pages Functions
Added Cloudflare Pages hosting and validated static routing, application paths, and serverless Pages Function responses.
Open Lab 3Cache, headers, static assets, and diagnostics
Isolated cache and diagnostic content into a dedicated lab so cache testing does not sprawl across unrelated landing, app, or previous lab pages.
Open Lab 4WAF custom rules and security events
Protected an exposed admin path at the Cloudflare edge using a WAF custom rule, validated the block with curl, and reviewed Security Events to prove the rule fired.
Open Lab 5Rate limiting and API abuse protection
Protected the login API endpoint from abusive request bursts using a Cloudflare Rate Limiting Rule, then validated enforcement with repeated curl requests.
Open Lab 6R2 object storage behind a Worker
Stored a private object in Cloudflare R2 and used a Worker as the controlled access layer to enforce a simple header-based authorization check.
Open Lab 7Zero Trust Access and Cloudflare Tunnel
Published a private local application through Cloudflare Tunnel and protected it with Cloudflare Access so identity is verified before the app is reached.
Open Lab 8WAF exception and false positive workflow
Tuned a broad WAF block into a narrower rule so legitimate upload traffic is allowed while suspicious requests remain blocked.
Open Lab 9Static asset check
This verifies that the static asset link is clean. There should be no trailing backslash after
/static/logo.txt.