Hide real IP address behind CF proxy but provide TLS verification

Hi Community,

We have setup a load balancing origin pool. I’ve enabled health monitoring for this and the Origin CF certificate is installed on the host. I’ve currently turned off “Don’t verify SSL/TLS certificates (insecure)” because we’re reaching our Origin server via our public IP address and not an FQDN to our CF domain. What I’m seeing as a catch 22 is we want to hide our real IP address with CF proxy on the DNS A record but at the same time provide a secure way to use the health check (TLS verified). Right now, if I turn on proxy on the DNS A record, the check will fail because it only reaches CF IP addresses, not our real server. If I turn off proxying then we’re exposing our public IP address. Is there a right way to make this work or is using our public IP address on the health check the only way to do this?

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.