How to serve Cloudflare-protected image URLs via a reverse proxy?

Have you searched for an answer?


Please share your search results url:

Describe the issue you are having:

Our site and our site’s images are currently served via Cloudflare (let’s say for argument’s sake the site’s domain is and the images are hosted under – both use Cloudflare).

We want to use an external service (like imgix) to perform image processing on these images (let’s say for argument’s sake these are exceedingly large images, so can’t be processed using Cloudflare Images).

Thus the images will be served via while users will continue to access

However: Cloudflare is currently serving response challenges to the external service.

What is the correct way to prevent these response challenges?

The external service can’t forward them to the user, since these are image assets loaded via an <img> tag, so currently the images simply break, and there’s no recourse for the user to perform a challenge. (Even if they could, performing 2x challenges would be pretty bad, i.e. one for and another for the images.)

AFAIK we also can’t forward Cloudflare’s session cookie to the external service as it’s on a different domain.

What error message or number are you receiving?

403 (challenge response)

What steps have you taken to resolve the issue?

We’ve configured a Cloudflare rule to use “Essentially Off” protection based on the user agent (the external service uses a specific user agent).

However: the docs (linked above) state you should only use “Essentially Off” if “one of your legacy HTTP applications is violating protocol standards”… which implies there’s a better / preferred way of doing this?

If so, what would that be?

Is anyone using Cloudflare to protect API endpoints?

If so: how are you getting around this issue?

Machines can’t complete JavaScript challenge responses :slight_smile:

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.