Implementing Custom SSL for Authenticated Origin Pulls, Exploring Cloudflare Aegis

Website, Application, Performance Security
1

Hello Cloudflare Community,

I’m part of a team seeking to enhance our website’s security and efficiency through Cloudflare’s offerings. We have a few specific goals and challenges that we’re hoping to get advice and insights on from the community. Here’s a detailed breakdown of what we’re looking to achieve:

  1. Custom SSL Certificates for Authenticated Origin Pulls: We aim to implement custom SSL certificates to secure the connection between Cloudflare and our origin servers. This is to ensure that only Cloudflare can access the origin servers directly. We are familiar with the basic setup of Authenticated Origin Pulls but are looking into the possibility and best practices for using our custom SSL certificates in this setup. Any guidance on steps, prerequisites, or considerations would be greatly appreciated.
  2. Cloudflare Aegis for Dedicated Egress IP Addresses: We are interested in Cloudflare’s Aegis service, as we understand it provides dedicated egress IP addresses, which could greatly benefit our setup, especially for allowlisting purposes. However, we are having trouble locating this option or understanding if it is the correct solution for our need for dedicated egress IP addresses. Is this feature part of the Zero Trust suite, or is it called something else? Any clarification or steps on how to set up dedicated egress IP addresses through Cloudflare would be helpful.
  3. Host Header Validation: To prevent unauthorized access and potential host header attacks, we want to ensure rigorous validation of the Host header in incoming requests. We are seeking advice on how to implement Host header validation in Cloudflare. If there are specific settings or rules that can be configured to enforce this validation, information on how to set these up would be of great value.

We are committed to following best practices and leveraging Cloudflare’s features to the fullest to secure our web presence. Any insights, documentation references, or experiences shared would be immensely helpful in guiding us through these implementations.

Thank you in advance for your support and guidance.

3

Hi @prasad.kommi

  1. Authenticated Origin Pulls (mTLS) · Cloudflare SSL/TLS docs and Restrict external connections · Prevent DDoS attacks · Learning paths

  2. This is an enterprise only feature. You can read more about it here Restrict external connections · Prevent DDoS attacks · Learning paths and here https://blog.cloudflare.com/cloudflare-aegis/

  3. Restrict external connections · Prevent DDoS attacks · Learning paths.

4

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.