1001 error when receiving requests from CNAME on a 3rd party domain

Hello everyone!

I am trying to set up a webserver that would handle requests with any “Host” header. The gist of nginx config looks like this:

server {
listen 80 default_server;
listen 443 default_server ssl;
server_name DEFAULT_DOMAIN;

}

I set up a subdomain CNAME pointing to that server and it works for that (i.e., TEST_DEFAULT_DOMAIN).

However, when we tried setting up a CNAME for a different domain not hosted by cloudflare, OTHER_DOMAIN, opening it returns error 1001 by cloudflare.

Below is my troubleshooting so far:

  1. dig OTHER_DOMAIN looks good:

;; ANSWER SECTION:
OTHER_DOMAIN. 4144 IN CNAME DEFAULT_DOMAIN.
DEFAULT_DOMAIN. 300 IN A 172.67.68.188
DEFAULT_DOMAIN. 300 IN A 104.26.14.45
DEFAULT_DOMAIN. 300 IN A 104.26.15.45

  1. curl <origin-IP> --basic --user "user:pass" --header "Host: OTHER_DOMAIN" looks good too:
    Result is html produced by the origin server. As far as I understand, it means that the origin server is configured properly.

  2. curl DEFAULT_DOMAIN --basic --user "user:pass" --header "Host: OTHER_DOMAIN" produces error 1001. Apparently it means, that the error is caused by cloudflare in some way.

Interestingly enough, curl DEFAULT_DOMAIN --basic --user "user:pass" --header "Host: TEST_DEFAULT_DOMAIN" works well and produces the expected result.

  1. curl OTHER_DOMAIN or opening OTHER_DOMAIN in a browser also results in error 1001. It makes me think, that CNAME is configured properly.

I also tried removing basic authentication from the origin server to no avail.

Any suggestions please?

Thank you in advance!

What happens on the DNS side is that OTHER_DOMAIN will ultimately resolve to one or more IP addresses. Now the browser knows where to send HTTP requests. However, the fact that there is a CNAME to your DEFAULT_DOMAIN doesn’t carry over from the DNS lookup to the actual HTTP request. In the HTTP request, the “Host” header will be set to OTHER_DOMAIN, which Cloudflare doesn’t know anything about. You would either need to configure this domain separately in Cloudflare or disable proxying (grey cloud).

What is your domain?

Hi svanlund! Thank you for your response. Yes, it makes perfect sense, although I was hoping that it’s not the case :slight_smile: It certainly looks like cloudflare treats Host header as if it’s passed for it, not origin server.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.