Firewall Enable DoS Protection - I have to turn it off for cloudflare / emby to work.

[vw-kombi]

I have introduced cloudflare's caching stuff to my domain. I am using nginx on my lan (was always doing that). Everything is working fine (sab, deluge, sonarr, radarr) but my emby server was just getting a black page with 522 errors on the images. I found a web page where someone said on his asus router he had to disable DoS for that to work (base router, not merlin), so i did that and it immediately started working fine.
If I activate DoS again - all emby stops working again - just black screen..

Note - I have been find without cloudflare for ages, but I would like to use it so :

1 - is leaving DoS protection off an issue ?
2 - what is so special about the asus router and this config ? Can this be fixed ?

Thanks in advance.

edit - I found this on the cloudflare website :

Blocking Cloudflare requests is the most common cause of intermittent 522 errors.
When traffic flows through a Cloudflare-enabled website, the origin web server sees all requests as coming from a handful of Cloudflare IP addresses. This can often trigger firewalls and IP rate-limiters to block Cloudflare requests, thinking that the website is under attack. CPHulk (which comes with cPanel) and other services have been known to do this.
To avoid this situation, make sure that:

• Cloudflare IPs are not being blocked in .htaccess, iptables, or your firewall.
• Your hosting provider isn't rate limiting or blocking requests from Cloudflare IPs. Ask the host to whitelist the Cloudflare IP addresses .

In addition, your host provider might wish to disable the rate limiter.

 

[RMerlin]

DoS protection will throttle the rate at which certain packets (such as pings) will be accepted, limiting them to 1 packet per second.