Cloudflare Integration with DSpace Backend

78 views
Skip to first unread message

UALibraries WebServices

unread,
Nov 11, 2025, 3:34:15 PMNov 11
to DSpace Technical Support

Dear DSpace Community,

I hope this message finds you well.

I am currently exploring ways to enhance security and performance for a DSpace instance and am considering the use of Cloudflare in the backend. Before proceeding, I wanted to check if anyone in the community has experience implementing Cloudflare with DSpace.

Specifically, I am interested in:

  • Whether Cloudflare has been successfully integrated with DSpace.
  • Any configuration tips or best practices you can share.
  • Potential challenges or limitations encountered during implementation.

If you have implemented this or have any insights, I would greatly appreciate your guidance.

Thank you for your time and support!

Best regards,
Maryam Fayazi

mw...@iu.edu

unread,
Nov 12, 2025, 9:44:02 AMNov 12
to dspac...@googlegroups.com
On Tue, Nov 11, 2025 at 08:34:15PM +0000, UALibraries WebServices wrote:
> I am currently exploring ways to enhance security and performance for a DSpace instance and am considering the use of Cloudflare in the backend. Before proceeding, I wanted to check if anyone in the community has experience implementing Cloudflare with DSpace.

Cloudflare does a lot of different things. You might get more useful
answers if you explain in more detail what you are trying to do and
how you think Cloudflare can help with that.

--
Mark H. Wood
Lead Technology Analyst

University Library
Indiana University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
library.indianapolis.iu.edu
signature.asc

mrwer...@gmail.com

unread,
Nov 12, 2025, 8:04:37 PMNov 12
to DSpace Technical Support
DSpace has an Apache Solr, Postgres, and Java backend. How would you run those with Cloudflare?

UALibraries WebServices

unread,
Nov 13, 2025, 11:15:03 AMNov 13
to DSpace Technical Support

Hello Mark,

Thanks for your email. We are attempting to implement CloudFlare Turnstile and have successfully implemented the front-end bot challenge widget. However, we need to implement server-side verification, so if a bot attempts to directly access the backend to download a PDF, it will check to see if the client has a valid Cloudflare Turnstile token to access the resource.

Sincerely yours,
Maryam Fayazi

UALibraries WebServices

unread,
Nov 25, 2025, 1:58:25 PM (3 days ago) Nov 25
to DSpace Technical Support
Dear DSpace Community,

Right now, we have Turnstile successfully integrated into the DSpace frontend, including both the frontend widget and the backend verification. We are running the Turnstile backend verification service as a separate process from the DSpace backend, and it is used to validate users accessing the DSpace frontend.

However, the DSpace backend public APIs (e.g., /api/core/collections/, /api/core/items/, etc.) are still open and can be accessed directly, which allows bots to scrape the content.

We would like to implement Turnstile verification for the DSpace backend APIs as well, in order to protect them from unauthorized external clients and bot traffic—without disrupting legitimate access from the DSpace frontend. How can we achieve this?

Sincerely,

Maryam Fayazi



Reply all
Reply to author
Forward
0 new messages