This article shows you how to configure Cloudflare Load Balancing to gradually route traffic to the Cequence Unified API Protection (UAP) platform. You'll use weighted pools to control what percentage of requests go to Cequence versus your existing servers, allowing you to safely test and scale your API protection coverage.

What you'll accomplish

By the end of this guide, you'll have a Cloudflare Load Balancer that can:

• Route a controlled percentage of traffic to Cequence UAP (starting with 5%)
• Send the remaining traffic directly to your origin servers (95%)
• Automatically fail over to your origin servers if Cequence becomes unavailable
• Optionally route specific API endpoints (like /login) to Cequence while leaving others unchanged

Why use this approach

Gradual traffic shifting through load balancing is the recommended strategy for onboarding to Cequence UAP because it:

• Enables incremental traffic shifts (start with 5% to Cequence, 95% to origin)
• Provides clear separation between protected and unprotected traffic
• Allows you to adjust percentages over time or fail back if needed
• Lets you validate performance under low load before scaling to full coverage

How traffic flows

When a request arrives at Cloudflare:

1. Cloudflare receives the request through your DNS
2. The load balancer randomly assigns the request to either Cequence UAP (5%) or your origin servers (95%)
3. If routed through Cequence, UAP analyzes the request for threats and forwards clean traffic to your origin
4. If Cequence becomes unavailable, all traffic automatically routes to your origin servers

Prerequisites

Before you begin, ensure you have:

Cloudflare requirements:

• Your domain managed in Cloudflare DNS
• An active Cloudflare Load Balancing subscription that supports:
  • One load balancer
  • At least two pools (one for Cequence, one for your origin)
  • At least two endpoints (Cequence's hostname plus your origin server)

Cequence requirements:

• Your Cequence UAP tenant hostname (provided by Cequence)
• Access to your Cequence dashboard to verify traffic

Core concepts

Understanding these components will help you configure and manage your setup:

Pools: Logical groups of servers. You'll create two pools - one containing Cequence UAP and one containing your origin servers.

Endpoints: Individual servers within each pool. Your Cequence pool will have one endpoint (the Cequence hostname), while your origin pool may have one or more servers.

Health monitors: Automated checks that verify if endpoints are responding properly. Each pool needs its own monitor with appropriate health check settings.

Traffic steering: The method Cloudflare uses to decide which pool gets each request. You'll use "Random (weighted)" steering to control percentages.

Pool weights: Numbers that determine what percentage of traffic goes to each pool. For example, weight 0.05 for Cequence = 5% of traffic.

Configuration steps

Step 1: Create health monitors

Health monitors ensure Cloudflare only routes traffic to available endpoints.

1. Navigate to Load Balancing > Monitors
2. Click Create Monitor

For Cequence UAP:

• Name: Cequence-Monitor
• Type: HTTPS
• Path: /.stealth-check
• Port: 443
• Don't verify SSL/TLS certificates: Checked (this prevents certificate validation issues)

Click Save.

For your origin servers:
If you don't already have a monitor for your origin, create one with settings appropriate for your infrastructure (typically HTTPS with a path like /health or /status).

Step 2: Create pools

Pools group your endpoints and define how traffic distributes within each group.

Create the Cequence UAP pool:

1. Navigate to Load Balancing > Pools
2. Click Create Pool
3. Configure:
   • Pool Name: cequence-uap
   • Pool Description: Cequence API Protection
   • Endpoint Steering: Random
   • Endpoints:
     • Name: defender-entrypoint
     • Address: Your Cequence tenant hostname (e.g., partnerdemo2.1.cequence.cloud)
     • Port: Leave blank
     • Weight: 1
   • Health Threshold: 1 (with only one endpoint, it must be healthy for the pool to be healthy)
   • Monitor: Select the Cequence monitor you created
   • Health Check Regions: Choose regions near your users

Click Save.

Create the origin pool:
If you don't already have a pool for your origin servers, create one following similar steps but using your origin server details and appropriate health check settings.

Step 3: Create the load balancer

1. Navigate to Load Balancing and click Create Load Balancer
2. Select your website and click Next
3. Configure basic settings:
   • Hostname: Your API's public hostname (e.g., api.yourdomain.com)
   • Cloudflare proxy: Enabled (orange cloud ON)
   • Description: API Load Balancer with Cequence UAP
   • Session Affinity: Disabled (recommended)
   • Adaptive Routing: Enabled (for automatic failover)

Click Save.

Step 4: Configure pools and traffic steering

Add pools:

1. Select both pools from the dropdown:
   • Cequence UAP pool
   • Origin pool
2. Set Fallback pool to your origin pool
3. Click Next

Configure traffic steering:

1. Select Random steering
2. Set pool weights:
   • Cequence UAP pool: 0.05 (5% of traffic)
   • Origin pool: 0.95 (95% of traffic)
3. Click Next

Custom rules (optional):
Skip this section for now - we'll cover path-based routing later. Click Next.

Review and deploy:

1. Review your configuration
2. Click Save and Deploy to make it live

Step 5: Verify the setup

1. Check Cloudflare dashboard: Your load balancer should show a green checkmark indicating it's active
2. Monitor Cequence traffic: In your Cequence dashboard, go to Discovery > Live Activity. You should see approximately 5% of your total traffic appearing here
3. Test functionality: Make several requests to your API and verify they work normally

Optional: Path-based routing

Path-based routing lets you send specific API endpoints to Cequence while leaving others untouched. This is useful when you want to protect only certain routes initially.

Important: Custom rules override weighted steering. If a request matches a custom rule, the rule takes precedence over your 5%/95% split.

Example: Route login endpoints to Cequence

1. Edit your load balancer configuration
2. In the Custom Rules section, click Create Rule
3. Configure the rule:
   • Rule name: Login endpoints to Cequence
   • Condition: URI Path equals /v2/auth/login
   • Action: Override pools
   • Pool: Select your Cequence UAP pool
4. Save the rule and redeploy your load balancer

With this rule, 100% of /v2/auth/login requests go to Cequence, while other paths follow your weighted steering (5% to Cequence, 95% to origin).

Scaling your deployment

Once you've validated that everything works correctly with 5% traffic:

Gradually increase traffic:

1. Edit your load balancer configuration
2. Adjust pool weights in increments (e.g., 5% → 20% → 50% → 100%)
3. Monitor performance and error rates at each step
4. Ensure your origin servers can handle the redistributed load

Monitor key metrics:

• Traffic volume in Cequence Live Activity
• Response times and error rates
• Origin server performance
• Cloudflare health check status

Rollback options:

• Set Cequence pool weight to 0 for immediate traffic shift to origin
• Disable the Cequence pool entirely
• Health monitors automatically route traffic to origin if Cequence becomes unavailable

Troubleshooting

No traffic appears in Cequence:

• Verify your pool weights add up correctly
• Check that the Cequence pool shows as healthy in Cloudflare
• Confirm your Cequence hostname is correct

High error rates:

• Check Cequence health monitor status
• Verify your origin servers can handle current load
• Review any custom rules that might be affecting traffic

Performance issues:

• Monitor response times in both Cloudflare and Cequence dashboards
• Consider adjusting health check regions
• Temporarily reduce Cequence traffic percentage while investigating

This configuration provides a solid foundation for gradually onboarding your API traffic to Cequence UAP while maintaining the flexibility to adjust, monitor, and roll back as needed.