# MarfeelCDN and firewalls (or WAF)
MarfeelCDN is compatible with firewalls, although it doesn't provide any itself. Any site using MarfeelCDN can configure a firewall or a WAF server, following those recommendations:
The firewall or WAF server must support the use of a CDN in front of it. Indeed, with a CDN (not specific to Marfeel), all the requests reach the firewall from a given set of IP addresses.
The firewall must allow all Fastly Public IP address ranges (opens new window).
The WAF must whitelist our content extraction user agent,
marfeelman
.
# Resources for WAF servers and DDoS protection systems
Even though all requests reaching the server come from MarfeelCDN, the real origin can be identified. MarfeelCDN forwards to the origin server the following request headers on each request:
req.http.client-ip
req.http.Fastly-Client-IP
req.http.cf-connecting-ip
Security products can use the client IP header to identify threats.