I’m trying to see if there’s an option but can’t find it. I assumed turning SSL off in the dashboard would do it but apparently it just means every https request is redirected to http. I’m not interested in utilizing the caching and other services besides the ddos protection, hence why I’m asking if it’s possible to utilize Cloudflare only as an SSL pass through. Thanks.
You can completely disable the SSL in your account from the SSL app, but you need to make sure to have an SSL installed in your server so you still got an SSL enabled website.
You can make use of Page rule and disable any service that you don’t want to run on your app.
I am feeling a bit confused with your questions, however, I suggest here to have a look 1st on how Cloudflare work:
Please make sure to read, and then let us know if you have any questions.
To get DDoS protection, Cloudflare uses a proxy server in front of your own server. It needs SSL enabled if you want HTTPS. If you want to use your own SSL certificate, you’d need a Business or Enterprise plan.
I’m unclear as to how that can be possible for an hostname.
ups sorry for the confusion that won’t work. that’s why I felt a bit confused about the questions.
I am wondering why they don’t need the Cloudflare SSL
I simply want to use Cloudflare as an SSL pass through, or in other words, them passing the packets off to the origin server without decrypting anything as the certificate sent to the client is the one from the origin server. I am aware I would not benefit from all ddos protections from layer 4 to layer 7 except only up to layer 3(?). Is this even possible? Can I tune the level of ddos protection to suit my case of not needing cloudflare to decrypt my traffic?
You can do this with Spectrum on an Enterprise plan.
Just to reiterate here the options:
If it’s for HTTPS traffic (other protocols require argo tunnel or spectrum), you can disable most protections and caching using page rules, not packet-for-packet like you want, and doesn’t stop defenses setup to protect our edge data centers, but it’s an option:
Argo tunnel is an option for non-enterprise plans, but requires cloudflared on your webserver ecosystem.
Doesn’t disabling CF SSL force a HTTPS to HTTP (non-https) redirect ?
If you don’t want CF decrypting anything then just disable orange cloud in DNS section and use CF as solely a DNS provider so traffic passes through to your origin routed by CF DNS only without CF CDN/WAF/Firewall interference. But you won’t get any DDOS/WAF/Firewall protections.
We cleared that up in posts 4&5.