Today, if one formatted the backend web server to log the CF Ray ID data, the format generated is RayID-Exit-Data-Center, like RayID-EWR, which means the last/exit CF data center, the one who sent the request to the backend server, was Newark (USA).
It will help us for both operational and security reasons - if you will add to this format the source/incoming data center, say the ingress request came via the Frankfurt (Germany) CF data center, the log will show RayID-FRA-EWR, meaning first the RayID, then the source data center then the exit data center.
While that’s definitely a good idea, you can also implement a header with the visitor’s CF-Ray with a Request Header Transform Rule:
I have set my origin to echo back both the CF-Ray request header added by Cloudflare, and the one created by the Transform Rule:
The first is Apache’s echo of the request header CF-Ray added by Cloudflare, and reflects the exit datacenter.
The second is Apache’s echo of the request header added with a Transform Rule.
The third is the response header added by Cloudflare.
How reliable that would be in a production setting, given the complexity of Cloudflare cache mechanisms, you’d need to test.
Thank you cbrandt, nice Idea, good for temp troubleshooting.
Personally I would not like to echo back this data to all visitors, I wish to see it only in the web server logs, that only I have access too.
I hope many will vote for my idea so CF will realize it.
Thank you again.
Yes, definitely. The idea is to echo back only temporarily, to make troubleshooting easier.
Anyway, I wish your suggestion is successfully implemented by Cloudflare.