One of my customers, using OutSystems Cloud environment, is asking us to protect the Web Application by Cloudflare. The questions I have are:

1) Do we require such firewalls while using OutSystems Cloud environment?

2) If yes, any pointers how can we do it?

3) What is the impact on application? Are code changes required?

Thank you,


Hello Akshay,

Outsystems cloud environments are hosted on AWS unless you have an on-premise installation on your own cloud/infrastructure. 

Please refer the article https://success.outsystems.com/Documentation/11/Managing_the_Applications_Lifecycle/Secure_the_Applications to see the security configurations provided by Outsystems, if it fits within your customer needs , you can configure them accordingly. 

As long as you have built the application following the best practices in terms of security(https://success.outsystems.com/Documentation/Best_Practices/OutSystems_Platform_Best_Practices#Security), you dont have to do any additional code changes. It will be configurations at the infrastructure/environment level which you can do it yourself or get outsystems support to do it for you.

If you have any specific security requirements by your customer which doesn't fit in the above, You can raise a support ticket with outsystems:-)




Customer is looking for more security which is present in cloudflare WAF. Just to confirm, 

  1. we do not have any documentation on how to add an external WAF?
  2. Do we really have to reach out to support for help?