What we are trying to accomplish
- We currently use Cloudflare as our primary edge service
- We have client applications in Azure with a hypothetical CNAME of “myappcname”
- We have multiple domains, some of which are in CF and controlled by us, some of which are with 3rd party DNRs that we don't have control over - these are our customers' domains. All of these domains need to point to the same Azure app.
- To achieve this we are currently having all domains point to an intermediary CNAME, “redirectcname”
- This CNAME “redirectcname” is in turn pointing to the CNAME of “azurecname”
- We want to route all requests through a single CNAME in Cloudflare for 2 reasons:
  - Use CF edge security products like DDoS protection, WAF, etc.
  - To create a stable CNAME, so infra and edge are decoupled. This makes it easier to do things like change cloud vendors for app hosting if we need to. Hypothetically we could just point the CNAME “redirectcname” to CNAME “awscname” and all domains shift to a different app host with zero changes required from our customers.
What am I asking?
- Is this the best/simplest approach - any critique is welcome
- This only seems to work when the CNAME entries are set to DNS Only. This obviously in turn means that the Azure IP is visible with an nslookup - not ideal. Assuming this is a valid approach, how can we turn the Proxy on?
- If we can’t turn the proxy on, aside from making the Azure IP visible, does this have any other impact in terms of products that CF offers that won't work with DNS Only? (like WAF or DDoS protection, etc.)
Thanks in advance.