Proxy your Kinde auth pages through Cloudflare

You can take advantage of Cloudflare’s advanced security features such as their WAF and bot mitigation tools by proxying your Kinde hosted auth pages through Cloudflare.

What you need

Link to this section

• A Cloudflare account
• A domain managed in Cloudflare

Set up the custom domain

Link to this section

1. Set up a custom domain in your Kinde business, see Use your own custom domain.
2. Set up DNS records for the domain in Cloudflare. We will change this from DNS once the records have been validated. DNS validation confirms the record before we set the proxy.

Set up the proxy

Link to this section

Once you receive the email that the custom domain has been set up in Kinde, go to Cloudflare and change the custom domain record from DNS only to Proxied.

Important

Leave the ACME challenge record as DNS. This is used to verify domain ownership each time the certificate needs to be renewed and cannot be proxied.

Important

Ensure your encryption mode in the Cloudflare dashboard is set to either Full or Full (strict). For security purposes, Kinde enforces HTTPS on it’s web services, which means Flexible or Off will not work.

Create a Cloudflare Managed Challenge

Link to this section

To test the proxied domain, create a WAF rule to show a Cloudflare Managed Challenge on all incoming requests.

For example, create a rule to match the hostname of the custom domain used in Kinde and the request originating from Australia. The action is to show a Managed Challenge.