Cloudflare's equivalent of AWS CF x-origin-verify

jakatsavras · June 3, 2023, 8:20am

Hello,

In AWS when configuring a CloudFront you are able to set a x-origin-verify header and with a long static string (sort of token) as a value. This header is checked by the origin server (in this case a load balancer) to make sure the string (token) matches. This is to make sure the request comes from the CloudFront distribution

We would like to start using Cloudflare for the DNS. Is there a way to set an equivalent header with a string (token) that a load balance can check to ensure the request comes from Cloudflare?

albert · June 3, 2023, 10:43am

First and foremost, you should:

Ensure your origin server only accepts connections from Cloudflare’s IP ranges.
Ensure your origin server only accepts requests with a HTTP Host header matching your website’s domain.

You can add a request header containing a pre-shared key using Transform Rules, however, this is not best practice for securing your origin server.

Please take a look at this post for more information on how to best secure your origin server: