TLDR: Why doesn’t SaaS domains use the proxied (orange cloud) domain and access the original directly instead?
We have a domain such as
Create an A record (
fallback.example.com) pointing to a cloud hosted backend with the proxy (orange cloud) enabled.
Configure Cloudflare workers to intercept and enhance the
Configure a SaaS record (SSL/TLS > Custom Hostnames) where the fallback origin points to
Configure a SaaS record with a custom hostname for
customer123.comdomain, setup a CNAME DNS record that points to
fallback.example.com(DNS Only – grey cloud).
If you visit
fallback.example.com, the response is valid and includes the modifications from the worker.
If you visit
app.customers123.com (with DNS pointing to
fallback.example.com) then you only get the response from the origin / backend (the worker doesn’t intercept it).
Another fun fact. If
fallback.example.com has an A record that points to any internal IP address such as 192.0.2.1, the correct website is served via the worker when visiting
fallback.example.com. However, if you visit
app.customer123.com, that has a CNAME that points to
fallback.example.com then you get a timeout and DNS error.
How can we use custom SaaS domains and still leverage the benefits of the orange proxied cloud?