If you're working with Optimizely DXP, you're probably already aware that it uses Cloudflare under the hood to deliver performance and security to your applications. It does a fantastic job out of the box.
However, our clients often come back with: "What if my organization already uses Cloudflare? How can I use my own Web Application Firewall (WAF) rules or custom page rules without conflicting with Optimizely's setup?"
These are legitimate questions. Historically, stacking two CDNs or proxy layers could lead to a routing nightmare. But fortunately, Optimizely supports a feature called Bring Your Own Cloudflare Zone, often referred to in the industry as Orange-to-Orange (O2O).
Today, I'll walk you through a step-by-step setup to show you just how easy it is to enable it.
Step 1: Verify your compatibility in the PaaS Portal
Before we touch anything in our DNS settings, we need to confirm if our DXP environment is already provisioned for this feature.
First, log into the Optimizely PaaS Portal and navigate to the Hostnames tab for your environment.
Expand the DNS record for your domain (e.g., www.yourdomain.com). Look closely at the top right of that expanded section. You are looking for a label that says "Full zone:" followed by a record ending in .dxp.optimizely.com.
If you see this dxp.optimizely.com target, congratulations! Your zone is already compatible and ready to go. If you don't see this, don't panic - you simply need to raise a quick support ticket with Optimizely to have them enable the O2O compatibility for your environment.
Step 2: Flipping the switch in Cloudflare
Once you've confirmed that your DXP environment is compatible, the rest is a breeze.
Head over to your own Cloudflare dashboard and manage the DNS settings for your domain. Find the CNAME record for your hostname (e.g., www) and change its target to the exact "Full zone" address you found in the PaaS portal during Step 1.
Make sure the proxy status is toggled on (the famous "Orange Cloud").
And voilà! That's it. It might take a few moments for the DNS changes to propagate, but your traffic is now routing smoothly from your Cloudflare zone directly into Optimizely's Cloudflare zone - Orange to Orange.
The Magic: Why do this?
You might be wondering why we'd go through the trouble of adding our own Cloudflare zone in front of Optimizely's. Simply put, doing this unlocks your own Cloudflare panel, meaning the possibilities are virtually limitless.
By taking control of the edge, you can now leverage:
-
Custom WAF Rules: Tailor your Web Application Firewall exactly to your organization's strict security compliance requirements.
-
Advanced Bot Management: Deploy Cloudflare's bot-fighting features to stop scrapers and malicious automated traffic before it even touches your DXP origin.
-
Custom Page Rules & Redirects: Handle complex redirect maps, caching overrides, and edge-level logic without needing to deploy code changes or rely on Optimizely support.
-
Image Resizing & Optimization: Utilize Cloudflare Polish and edge-level image transformations to serve the most optimized media to your users.
-
Zero Trust & Access: Put specific preview or pre-production environments behind Cloudflare Access, requiring corporate SSO authentication to even view the site.
In short, it gives power back to your internal IT and security teams while maintaining all the platform benefits of Optimizely DXP.
If you are running an enterprise setup on Optimizely, setting up O2O is highly recommended. Try it out, and let me know how it goes!