DNS + Edge Basics
Validates that the public site responds through Cloudflare and that the core diagnostic endpoints are available.
Open Lab 1 notesRedirects + Canonical Routing
Validates HTTP-to-HTTPS redirects, apex-to-www canonical routing, app subdomain routing, and /app path normalization.
Open Lab 2 notesPages + Functions
Validates that the Pages site, app route, and Pages Function endpoint are responding correctly.
Open Lab 3 notesCache Behavior
Validates static asset caching, dynamic no-store behavior, and cache troubleshooting headers.
Open Lab 4 notesWAF Custom Rules
Validates that the public site remains reachable while the protected /admin path is blocked by Cloudflare WAF.
Open Lab 5 notesRate Limiting
Sends a short burst of requests to /api/login and validates that Cloudflare rate limiting or challenge behavior is triggered.
Open Lab 6 notesR2 Private Asset
Validates that the R2-backed test asset is not publicly readable directly and returns the expected protected response.
Open Lab 7 notesZero Trust Access and Tunnel
Runs the DNS and Cloudflare Access redirect checks. Note: the Cloudflare Tunnel must be manually started before full live private-app validation can pass.
Open Lab 8 notesWAF Exception Workflow
Validates that normal /upload traffic is allowed while suspicious upload traffic with attack=true is blocked by the tuned WAF rule.
Open Lab 9 notesCloudflare Triage Runbook
Prints the final troubleshooting workflow for DNS, redirects, headers, cache, WAF, rate limiting, R2, and Zero Trust.
Open Lab 10 notes
verification-console
$ Ready. Choose a lab verification check from the left.