Who is this article for?
This article is relevant if your organization routes traffic to Frontify through services such as:
Cloudflare
Akamai
Imperva
AWS WAF
Other reverse proxies, content delivery networks (CDNs), or Web Application Firewalls (WAFs)
These services can provide additional security, routing, or compliance controls, but they can also affect how traffic is identified and processed by Frontify.
Why can traffic be blocked?
Frontify protects its infrastructure using its own security controls and Web Application Firewall (WAF).
When traffic reaches Frontify through another proxy or security layer, requests may appear to come from that intermediary service rather than from the original user. In some cases, this can make it more difficult to distinguish legitimate traffic from malicious traffic.
If scans, probes, bot traffic, or other unwanted requests are forwarded through your proxy infrastructure, Frontify may block that traffic to protect the platform and maintain service availability for all customers.
How does this happen?
Normally, traffic flows directly between a user and Frontify:
User → Frontify
When a reverse proxy or WAF is introduced, traffic follows a different path:
User → Your proxy/WAF → Frontify
This means Frontify may see traffic coming from your proxy layer rather than from the original visitor.
While many proxy solutions forward the original client IP address through request headers, these headers cannot always be treated as a trusted source of identity on their own. Depending on how systems are configured, headers may be modified, overwritten, or spoofed before reaching Frontify.
For this reason, Frontify uses multiple signals to protect the platform and does not rely solely on forwarded client IP headers for security decisions.
Why doesn't Frontify simply allowlist proxy IP addresses?
Many proxy providers use shared IP ranges that serve large numbers of customers and applications.
If Frontify broadly excluded those shared IP addresses from security protections, malicious traffic routed through the same infrastructure could bypass important controls.
To maintain platform security and reliability, Frontify applies protections consistently rather than allowlisting entire proxy networks.
How to reduce the risk of blocked traffic
If your organization uses Cloudflare or another proxy service in front of Frontify, we recommend the following:
Avoid proxying Frontify traffic unless necessary: If possible, allow traffic to reach Frontify directly rather than routing it through an additional security layer.
Filter unwanted traffic before forwarding it: If you do use a proxy or WAF, ensure it blocks scans, probes, bot traffic, and other unwanted requests before forwarding traffic to Frontify.
Preserve the original client IP: Where supported, configure your proxy solution to forward the original client IP address to downstream systems. This can help with troubleshooting and traffic analysis.
Limit what is routed through your proxy: Only route the traffic that genuinely requires inspection or additional controls. This reduces the likelihood of unrelated traffic affecting Frontify access.
Review automated scanners and monitoring tools: Security scanners, uptime monitors, and synthetic testing tools can sometimes trigger security protections. Review these services regularly and ensure they are configured appropriately.
What should I do if traffic is being blocked?
If you believe legitimate traffic is being blocked:
Confirm whether traffic is being routed through Cloudflare or another proxy service.
Review whether your proxy is forwarding scans, bot traffic, or other unwanted requests.
Check your proxy configuration to ensure original client information is being preserved where possible.
Contact Frontify Support if the issue persists.
To help us investigate, please include:
The affected hostname or environment
The approximate time the issue occurred
The proxy or WAF provider being used
Relevant request IDs, logs, or sample request headers
This information helps us review the issue more efficiently.
In summary
Using Cloudflare or another reverse proxy in front of Frontify can change how traffic appears to the platform. If malicious or suspicious traffic is forwarded through that setup, Frontify may block it to protect the service.
In most cases, issues can be avoided by carefully configuring your proxy, filtering unwanted traffic before it reaches Frontify, and preserving client identity wherever possible.