We have created a CNAME record which points to our AWS load balancer.
We would like to restrict access to our application, which is currently under testing, hence we have added whitelisted IPs in our AWS load balancer to allow only limited access. But based on your documentation, if we intend to enable end-to-end SSL encryption then we have to use the PROXY type, and the PROXY setting doesn't honour the whitelisted IPs configured on the AWS load balancer.
Please suggest how to enable end-to-end SSL encryption along with limited access.


If you have Cloudflare proxying your site, Cloudflare manages the SSL encryption between your visitors and Cloudflare’s servers. Also, Cloudflare’s servers will connect via SSL to your servers (in this case, the AWS load balancer). Due to this proxy behaviour, the IPs connecting to your load balancer are Cloudflare’s IPs. You could use the CF-Connecting-IP header to get the visitor’s IP address, or disable the Cloudflare proxying (DNS-only). Disabling the proxying would make end-to-end SSL between your visitors and your servers possible, but would also disable Cloudflare features such as Page Rules, Universal SSL, and more.

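The CF-Connecting-IP approach mentioned in the answer above, sketched as an allowlist check (an added example, not code from the thread or from Cloudflare). It assumes the check runs where the connecting peer address is visible; the function names and all addresses are constructed for illustration, using documentation ranges in place of Cloudflare's published IP list.

```python
import ipaddress

# Constructed sample values (RFC 5737 documentation ranges), not real addresses.
# In practice PROXY_RANGES is loaded from Cloudflare's published IP list.
PROXY_RANGES = [ipaddress.ip_network("198.51.100.0/24")]
ALLOWED_VISITORS = [
    ipaddress.ip_network("203.0.113.10/32"),
    ipaddress.ip_network("203.0.113.64/28"),
]


def _in_any(addr, networks):
    """True if addr falls inside any of the given networks."""
    return any(addr in net for net in networks)


def visitor_ip(peer_ip, headers):
    """Return the address to authorize, or None if it cannot be determined."""
    peer = ipaddress.ip_address(peer_ip)
    if not _in_any(peer, PROXY_RANGES):
        # Connection did not come through the proxy: the header is
        # client-supplied here, so ignore it and judge the peer itself.
        return peer
    lowered = {k.lower(): v for k, v in headers.items()}
    raw = lowered.get("cf-connecting-ip")
    if raw is None:
        return None
    try:
        return ipaddress.ip_address(raw.strip())
    except ValueError:
        # Malformed header value: fail closed.
        return None


def is_allowed(peer_ip, headers):
    """Allow only visitors whose real address is on the allowlist."""
    ip = visitor_ip(peer_ip, headers)
    return ip is not None and _in_any(ip, ALLOWED_VISITORS)
```

The header is only honoured when the peer is inside the proxy ranges; otherwise any client could set CF-Connecting-IP to an allowlisted address.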

Exactly what @TomKlein said: Cloudflare’s features work by being a TLS middleman. If you really want CF with E2E TLS, you can apply for the CF Spectrum Enterprise plan, which has raw TCP proxying; however, then all you get is layer 3/4 DDoS protection with no other features working.
