Cloudflare Web Application Firewall - Customer FAQ

Why is Jonas Sports introducing Cloudflare now?

As part of our ongoing commitment to security, performance, and compliance, we are implementing Cloudflare protection across all Jonas Sports webstores. The threat landscape is evolving, and so are industry standards. This change is a proactive step to ensure your store is protected and remains performant during both routine trading and high-traffic events such as kit launches.

Is this a response to PCI DSS 4.0?

Yes. PCI DSS 4.0, which replaces version 3.2.1, introduces stronger expectations around threat prevention and active monitoring. One key requirement is the use of a Web Application Firewall (WAF) to detect and block common web-based attacks. Implementing Cloudflare helps us and you meet these updated requirements.

We strongly recommend that you consult your internal IT or information security teams to understand how this change aligns with your club's PCI responsibilities.

What does Cloudflare provide?

Cloudflare delivers a range of security and performance benefits, including:

  • A Web Application Firewall (WAF) that blocks attacks targeting OWASP Top 10 vulnerabilities

  • Bot protection to prevent credential stuffing and queue abuse

  • DDoS mitigation to ensure uptime during malicious activity

  • Global content delivery to improve page load speeds for your fans

  • Real-time traffic filtering to keep your store secure

Can we opt out of this service?

No. Due to the importance of a consistent, secure infrastructure across the platform, Cloudflare protection will be a mandatory part of the Jonas Sports webstore service. This allows us to meet shared performance and compliance obligations, particularly under PCI DSS 4.0.

What action is required from us?

Changes to your DNS will be required to support the implementation of Cloudflare. The Jonas Sports support team will be in touch shortly with the required steps specific to your business. If you would like us to reference a specific Purchase Order (PO) on your invoice, please let us know as soon as possible.

What happens if we do not comply with PCI DSS 4.0?

Non-compliance with PCI DSS 4.0 can lead to increased liability, fines, or restrictions from payment processors. Our implementation of Cloudflare helps ensure your store remains compliant with key PCI requirements, reducing your exposure to security and reputational risks.

Why now?

Cyber threats are becoming more sophisticated, and clubs of all sizes are potential targets. By acting now, we are not only improving your site's protection, but also ensuring that you are well-positioned for upcoming compliance milestones. This is about doing the right thing to protect your club, your fans, and your revenue.
