For starters, dbFront works very well when running behind Cloudflare. The dbFront demo site (https://demo.dbFront.com) is protected by Cloudflare and it doubles as our final test server so we regularly validate that things are working as they should.
The only known issue is if the SSL/TLS encryption mode at Cloudflare is set to "Flexible". With the encryption mode set to "Flexible", the client uses HTTPS but the webserver sees HTTP.
Specifically, the "Flexible" encryption mode becomes a problem when setting up Single-Sign-on on Azure. Azure requires an HTTPS return Url but dbFront will specify HTTP because its connection is not encrypted. Azure will reject the return Url and block the authentication attempt. The solution is to install an SSL certificate and switch the encryption mode to "Full".