How to use Cloudflare as an SSL pass through?

I’m trying to see if there’s an option but can’t find it. I assumed turning SSL off in the dashboard would do it but apparently it just means every https request is redirected to http. I’m not interested in utilizing the caching and other services besides the ddos protection, hence why I’m asking if it’s possible to utilize Cloudflare only as an SSL pass through. Thanks.

Heloo @MunchyCracker

You can completely disable the SSL in your account from the SSL app, but you need to make sure to have an SSL installed in your server so you still got an SSL enabled website.


You can make use of Page rule and disable any service that you don’t want to run on your app.


I am feeling a bit confused with your questions, however, I suggest here to have a look 1st on how Cloudflare work:

Please make sure to read, and then let us know if you have any questions.


To get DDoS protection, Cloudflare uses a proxy server in front of your own server. It needs SSL enabled if you want HTTPS. If you want to use your own SSL certificate, you’d need a Business or Enterprise plan.

1 Like

I’m unclear as to how that can be possible for an :orange: hostname.

1 Like

ups sorry for the confusion that won’t work. that’s why I felt a bit confused about the questions.

I am wondering why they don’t need the Cloudflare SSL

2 Likes

I simply want to use Cloudflare as an SSL pass through, or in other words, them passing the packets off to the origin server without decrypting anything as the certificate sent to the client is the one from the origin server. I am aware I would not benefit from all ddos protections from layer 4 to layer 7 except only up to layer 3(?). Is this even possible? Can I tune the level of ddos protection to suit my case of not needing cloudflare to decrypt my traffic?

You can do this with Spectrum on an Enterprise plan.

5 Likes

Just to reiterate here the options:
If it’s for HTTPS traffic (other protocols require argo tunnel or spectrum), you can disable most protections and caching using page rules, not packet-for-packet like you want, and doesn’t stop defenses setup to protect our edge data centers, but it’s an option:

Understanding and Configuring Cloudflare Page Rules (Page Rules Tutorial) – Cloudflare Help Center

Argo tunnel is an option for non-enterprise plans, but requires cloudflared on your webserver ecosystem.

Argo Tunnel - Getting Started | Cloudflare Developer Docs

1 Like

Doesn’t disabling CF SSL force a HTTPS to HTTP (non-https) redirect ?

If you don’t want CF decrypting anything then just disable orange cloud in DNS section and use CF as solely a DNS provider so traffic passes through to your origin routed by CF DNS only without CF CDN/WAF/Firewall interference. But you won’t get any DDOS/WAF/Firewall protections.

1 Like

We cleared that up in posts 4&5.

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.