Can you use load balancer monitoring with authenticated origin pulls?


I’m trying to figure out why monitor requests from my Cloudflare load balancer at to my host at are not able to validate cloudflare SSL client credentials (authenticated origin pulls).

The load balancer is working but the monitor requests all return 400 due to invalid client SSL. That host is set up with Cloudflare SSL, authenticated origin pulls and the Cloudflare SSL client certificate.

These requests work fine when I use Cloudflare DNS → i.e.

Why are the Cloudflare load balancer monitor requests not authenticating? Are they able to send the proper Cloudflare client credentials? Am I unable to monitor endpoints with the load balancer that are protected by a validate client (Cloudflare) SSL?

I figured this out! For anyone else with this problem consult the answer below from support:

Monitors support authenticated origin pulls by entering the appropriate zone in the “Simulate Zone” field of the UI.
Setting “Simulate Zone” will allow Cloudflare Load Balancing Monitor to emulate the specified zone while probing. It pushes a request from Cloudflare Health Monitors through the Cloudflare stack as if it were a real visitor request to help analyze behavior or validate a configuration.

You could find it under “Advanced health check settings”:


1 Like

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.