Cloudflare X-Pull Support


Thank you for providing a community to ask questions. This is my first-time here.

I am interested in using a WordPress plugin called BusinessPress. I have a particular concern while configuring it.

There is a section with the following messge: “These settings are required to make sure BusinessPress Login Protection won’t ban your CDN server. MaxCDN IP ranges are already part of the plugin code.”

Following that is a text input field for me to submit an X-Pull Key. The input field label says “Requests with matching X-Pull HTTP header will be considered as behind a proxy. Works well with KeyCDN.”

The wording there seems a little disingenuous, given that keycdn themselves created X-Pull. Cloudflare would rather you use client certificates (via Authenticated Origin Pulls) to authenticate and make sure only Cloudflare can pull your resources, as this method is built-in to TLS (aka SSL) and doesn’t require arbitrary headers.

If you absolutely need X-pull, you can use a worker like the below example to add it to your requests:


Thank you, Judge! I agree about the wording. You can probably imagine why I was concerned. X-Pull is not necessary for my use case but should the plugin not work without that configuration, I will look for an alternative. I appreciate your response.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.