Cloudflare setup, security and Workers

What we deliver

The full edge stack, set up correctly.

DNS, WAF, Workers, R2, Pages and Zero Trust — as one coherent configuration.

• DNS, security and WAF

  Clean DNS migration without downtime, WAF rules tailored to your app, Bot Management against credential stuffing and scraping, and rate limiting that doesn't block legitimate users.

• Cloudflare Workers and API routing

  Edge functions for auth, A/B tests, geo-routing, image optimisation and lightweight API endpoints. We write them in TypeScript with tests and deploy via Wrangler in your CI.

• R2, D1 and Hyperdrive

  Object storage without egress fees (R2), serverless SQLite at the edge (D1), and connection pooling for your Postgres (Hyperdrive). Set up with a backup strategy and IaC.

• Zero Trust and Access

  Replace the VPN with Cloudflare Access in front of internal dashboards, Git servers and legacy apps. SSO via Microsoft, Google or Okta, with audit logging and device posture checks.

• Cache strategy and performance

  Correct cache configuration per route, image transformation, Argo Smart Routing, and analysis of what's actually hitting cache. We measure before and after — you get numbers, not marketing.

• Migration from another CDN

  Migration from Akamai, Fastly, AWS CloudFront or Imperva to Cloudflare without lost traffic. We plan the DNS cutover, run in parallel for a period, and monitor the rollout.

FAQ

What people usually ask.

• We already use Cloudflare — can you just optimise it?

  Yes. We typically start with a Cloudflare audit: we review zone settings, WAF rules, cache configuration, Workers and R2/D1 usage. You get a prioritised report of what can be tightened — security-wise, performance-wise and cost-wise — and you can choose to implement it yourself or have us do it.

• Can you migrate us from AWS CloudFront or Fastly?

  Yes, and we've done it several times. We plan the DNS cutover carefully (typically via gradual weighting on Route 53 or NS1), run in parallel for a period so we can roll back if something breaks, and monitor traffic, error rates and cache hits throughout. A typical migration takes 3–6 weeks from first conversation to fully rolled out.

• When do Workers make sense instead of a server?

  Workers are great for things that need to happen close to the user with low latency and no cold starts: auth checks, geo-routing, A/B test logic, image transformations and lightweight API endpoints. They're less suited to long-running operations, heavy database calls without Hyperdrive, or complex transactions involving multiple systems. We assess per use case and gladly mix.

• Can you operate Cloudflare for us on an ongoing basis?

  Yes. We offer a monthly operations agreement where we monitor errors, update WAF rules, maintain Workers, evaluate new Cloudflare products and report quarterly. It's typically cheaper than having an in-house Cloudflare specialist, and you benefit from the experience we get from every other platform we operate.

• Is Cloudflare GDPR-compliant?

  Yes, but it requires correct configuration. Cloudflare offers EU data residency for most products, and we set the zone up so data is processed within the EU where possible. We arrange the data processing agreement with Cloudflare and document the data flow. Note that some features (especially ML-based products) may still involve US infrastructure — we review this with you if you have strict requirements.