--- title: "Getting started with Acquia Edge powered by Cloudflare" date: "2024-02-14T06:18:38+00:00" summary: "Streamline your Acquia Edge setup with Cloudflare integration. Learn to configure domain and SSL settings for optimal security and performance. Ideal for developers and site administrators." image: type: "page" url: "/acquia-cloud-platform/add-ons/edge/getting-started-acquia-edge-powered-cloudflare" id: "201f68b8-36a7-4b26-9638-52f41473d4e3" --- Important If you are a new customer who started with Acquia Edge after January 1, 2021, see [Understanding a managed CNAME setup](/acquia-cloud-platform/add-ons/edge/edge-cloudflare/managed-cname). The process of getting started with Acquia Edge powered by Cloudflare requires that you prepare your application by making changes to the following settings: * [Configuring your domain settings](#edge-domain-settings) * [Configuring your SSL settings](#edge-ssl-settings) Configuring your domain settings -------------------------------- As part of Acquia Edge, your team must [configure your DNS](/acquia-cloud-platform/add-ons/edge/edge-cloudflare/config#edge-dns-configuration) using either of the following methods: * _Authoritative DNS (Full setup)_ requires you to: * Move your DNS to Acquia Edge which becomes your full, authoritative DNS service. * Add your domain to Acquia Edge and update your name servers to the name servers Acquia Edge provides. * Manually add subdomains to your DNS records with Acquia Edge. For more information, see [Authoritative DNS Implementation](https://www.acquiaacademy.com/learn/course/81/play/510/acquia-cloud-edge-onboarding-authoritative-dns-implementation?hash=4fdbc439c6d057769e12d91927ff3e888608641c&generated_by=13329) on [Acquia Academy](/acquia-academy). * _Partial CNAME setup_ requires: * No changes to your DNS or DNS provider. * Authoritative DNS remains outside of Acquia Edge. * Subdomains (such as `www.domain.com`) point to Acquia Edge using a CNAME record. For more information about this method, see [CNAME DNS Implementation](https://www.acquiaacademy.com/learn/course/81/play/511/acquia-cloud-edge-onboarding-partial-cname-implementation?hash=4fdbc439c6d057769e12d91927ff3e888608641c&generated_by=13329) on [Acquia Academy](/acquia-academy). To send traffic for your bare domain to Acquia Edge, add a [redirect on your webserver](/acquia-cloud-platform/manage-apps/htaccess#redirect-bare-domain-to-www) using a `.htaccess` file to forward traffic to the subdomains you have proxied through Acquia Edge. Limitations of the Partial CNAME setup Domains using the Partial CNAME setup for Acquia Edge have the following limitations: * Distributed denial of service (DDoS) protection for attacks against DNS infrastructure is available only for the domain records you delegate to Acquia Edge. * Security and acceleration benefits are available only for the subdomain records (such as `www.example.com`) you delegate to Acquia Edge. Bare, or root, domains (such as `example.com`) cannot be protected or accelerated using Acquia Edge due to the DNS RFC (Request for Comment) 1033, which requires root domains to use A records instead of CNAMEs. Configuring your SSL settings ----------------------------- When setting up Acquia Edge, your team must configure your SSL settings, and the SSL option you select depends on the nature of your website’s content. Use the information in the following table to help you select the appropriate SSL option for your needs: SSL Option Description **Off** For websites that don’t contain sensitive information (such as a personal blog), the **Off** option will normally suffice, due to secure connections not being required. **Flexible** Acquia does not recommend the **Flexible** option if your website stores any sensitive information.  Although selecting this option may seem to be safe, doing so can lead to security risks. With this setting enabled, a fully-secure connection exists only between the visitor and Acquia Edge; not between Acquia Edge and your origin server.  Visitors will access your website using HTTPS and assume there is a fully-secure connection, which isn’t the case. With the website indicated as secure, a user may share personal or sensitive information, which puts the user at risk of disclosing secure information over an insecure connection. **Full**, **Full (strict)** For use with any website that contains sensitive information. Acquia recommends at least the use of **Full**, if not **Full (strict)**. The **Full (strict)** option is the most secure option because it requires a valid and certificate authority-signed SSL certificate, which ensures the maximum level of certificate authenticity.