Knowing which Cloudflare Account is Connecting to Origin

How can we detect WHICH Cloudflare account is connecting to our origin server?
Right now, I’ve configured my origin server to ONLY accept Cloudflare IPs.

However, one way to circumvent this is to open a free Cloudflare account and add my origin as a target address with the Cloudflare Proxy.

Does Cloudflare pass in any type of header that specifies the originating account number/email address? Or some sort of secret in the header that we can validate/check for? I understand any header can be spoofed, but if it was some secret value that was specified in our Cloudflare account, we could configure our origin to ignore requests without that secret.

The reason we can’t simply validate the Hostname is because we use SSL for SaaS, along with Cloudflare WAF rules, and we’d like the WAF rules to always apply before reaching our origin.

I might not quite understand the scope of the question, but let me try to ask a question from below and share what I think might be useful in your case.

I am afraid not. Rather, you want the real visitor IP in the server/acces log files instead of seeing Cloudflare IPs? :thinking:

Cloudflare headers:

You can set custom HTTP headers, either via Transform Rules therefore checking for it’s existance/value using a Firewall Rule and choosing to either block or allow the visitor.

Could be I am wrong, due to lack of understanding, if so, kindly and patiently wait for another reply.

1 Like

Ahh, perfect! Setting a custom header would work under the Transform Rules!
Thanks for the insight!

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.