Hide real URL from origin

I think this is called URL masking, but not 100% positive.


Let me explain what I am trying to do

  • I have Cloudflare on my domain, and have set up my origin server.

  • If I visit hello.domain.tld, Cloudflare points it to the origin IP, and the server displays website #1

  • If I visit hola.domain.tld, Cloudflare points it to the origin IP (Same IP), and the server displays website #2

I want to be able to visit hola.domain.tld, have Cloudflare point it to the orgin IP, but have the server display website #1. So the server has to be tricked into thinking that I am actually visiting hello.domain.tld. I cannot modify anything on the server side.

I was told that a reverse proxy with Cloudflare Workers may be the solution, but if it is, I cannot figure out how to get it to work.

Is this possible to accomplish with the Cloudflare free plan?

Oh, and I do not have FTP access to hello.domain.tld (Website 1), but I do have FTP access to hola.domain.tld (Website 2).

Thanks for your help!

That tbh sounds very fishy to me… not gonna lie.

But you should be able to achive that with workers.

If that is the case, hiring a web developer who is good at programming workers would be the right way.

And you’re sure you don’t want to just redirect the traffic? Serving the same content from multiple URLs is generally a bad thing from a SEO and user-experience perspective.

Well, your decision…

Because of the “Host” header in the request. If you modify the Host header before it hits the origin, the origin will respond differently.

First of all, are both sites covered by the same SSL certificate on the origin server? It’ll probably be easier if they are.

First way to modify the Host header would be using Transform Rules, specially Request Header modification

2nd way would be a new feature called Origin Rules but it’s only available via API currently and it looks like easy host header modification is only available to Enterprise plans

so Transform Rules would still probably be your best bet

1 Like

True, didn’t think of that :stuck_out_tongue:

Sorry, should have explained a but more about the non-issue side of things.

I am using an online service to manage some stuff, and they require control over a subdomain, a specific subdomain, and I cannot change it. The subdomain that they choose is one that does not make sense, so I want to change it. However, if I make a request the their server using any subdomain other than the one that they are using, I get an error message.

Transform rules sounds promising, I’ll give it a go!

something like this may work

I get and error message when trying to set it up that way:

'set' is not a valid value for operation because it cannot be used on header 'Host'


'set' is not a valid value for operation because it cannot be used on header 'host'

That’s odd, the documentation has a list of headers you’re not allowed to modify, and the host header isn’t on it.

maybe they’re trying to upsell to the new Origin Rules feature & haven’t updated the documentation yet

so you can control the contents of hola.domain.tld, right? What if you made a simple page that loaded hello.domain.tld in a full-page iframe? Not perfect but might work better than nothing.

What level of control do you have over the origin server? Is it Apache? If it’s Apache, couldn’t you just add hola.domain.tld as a ServerAlias on their vhost? That way requests to hola.domain.tld would return the same content as hello.domain.tld. Other web servers probably have similar functionality.

Almost none. It is shared hosting.

I’ll try the iframe thing. I never did before because of cookies, but since only the subdomain is changing, it may work…

I forgot, the system requires that both JavaScript and Cookies are enabled in order to use the subdomain.

There does not seem to be a way to have iframes allow both of those…

I did take another look at HTTP Request Header Modification Rules · Cloudflare Rules docs and saw this:

Currently, there is a limited number of HTTP request headers that you cannot modify. Cloudflare may remove restrictions for some of these HTTP request headers when presented with valid use cases. Create a post in the community for consideration.

Seems like you have a valid use case for modifying the Host header so maybe they’ll see this thread eventually

Yeah, I saw that as well. I’ll create a post, but was hoping that I could get something to work within a few days, I don’t really want to wait for someone to review the request and make changes.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.