Bypass SSL decryption

Hi all,

Is there any option in which HTTPS traffic is not decrypted but traffic still flows through Cloudflare? I couldn’t find SSL/TLS mode in which SSL session is established directly with our local server.

You could look at Magic Transit. However, any HTTPS inspection and protection requires the traffic to be intercepted and decrypted.


Depending on the use case, there are a few Cloudflare solutions that might be suitable to your needs.

Keyless SSL allows Cloudflare to intercept HTTPS traffic, but they keys are always in your possession. Recent product enhancements here are integration with a range of commonly used HSM offerings.

Regional Services enables you to have your data be processed only in a subset of Cloudflare locations.

But most Cloudflare features require that they decrypt the traffic.


Even this looks to be pretty much “Standard Cloudflare”, but with IP Addresses you own.

Without SSL Decryption, you’re basically left with an old-fashioned firewall. A very strong one, but not very smart.


Thanks all for replies. As I understood, standard Cloudflare protections (like DDoS) cannot be used on HTTPS without decryption, and in “Magic Transit” there is something like low-level firewall.

More like L3/L4 firewall.

1 Like

All of the L7 products (CDN, WAF, HTTP DDoS, Bot Management, etc.) require decryption. Magic Transit still offers L3/L4 DDoS mitigation, as they do not require payload inspection.