We have been trying to setup Authenticated Origin pulls.
We were able to do the following
- Generate IIS Cert Request
- Go and create cert on origin on cloudflare
- install the intermediate cert origin_ca_rsa_root.cer in the intermediate certification authorities
- install the origin cert in IIS
- assign cert to the website.
But users are still able to access the Origin by IP. I feel like we are missing a step. and the cloudflare documentation is not clear about this at all.
We are using IIS 10. Any help would be greatly appreciated. I feel we are missing the part where the web server makes sure the requests are only coming from cloudflare.