How can we detect WHICH Cloudflare account is connecting to our origin server?
Right now, I’ve configured my origin server to ONLY accept Cloudflare IPs.
However, one way to circumvent this is to open a free Cloudflare account and add my origin as a target address with the Cloudflare Proxy.
Does Cloudflare pass in any type of header that specifies the originating account number/email address? Or some sort of secret in the header that we can validate/check for? I understand any header can be spoofed, but if it was some secret value that was specified in our Cloudflare account, we could configure our origin to ignore requests without that secret.
The reason we can’t simply validate the Hostname is because we use SSL for SaaS, along with Cloudflare WAF rules, and we’d like the WAF rules to always apply before reaching our origin.
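
An origin-side check of the kind the question describes, as an added example that is not part of the original post: a Python WSGI middleware that accepts a request only when the peer IP is in an allowed proxy range and a shared-secret header matches. The header name `X-Origin-Auth`, the secrets and the IP range are constructed placeholders, and it is an assumption that the proxy has been configured to attach that header to every request it forwards.

```python
import hmac
import ipaddress

# Assumptions (not from the original post): header name, secrets and IP range
# are constructed placeholders; the proxy is configured to add the header.
SECRET_HEADER = "HTTP_X_ORIGIN_AUTH"  # WSGI form of "X-Origin-Auth"
ACCEPTED_SECRETS = [b"current-secret-placeholder", b"previous-secret-placeholder"]
PROXY_RANGES = [ipaddress.ip_network("198.51.100.0/24")]  # documentation range


def from_proxy(remote_addr):
    """True if the TCP peer address is inside an allowed proxy range."""
    try:
        addr = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False
    return any(addr in net for net in PROXY_RANGES)


def has_valid_secret(environ):
    """Constant-time check against every accepted secret (supports rotation)."""
    presented = environ.get(SECRET_HEADER, "").encode("utf-8", "replace")
    ok = False
    for secret in ACCEPTED_SECRETS:
        # No early exit, so timing does not reveal which secret matched.
        ok |= hmac.compare_digest(presented, secret)
    return ok


def require_account_secret(app):
    """WSGI middleware: reject unless both the peer IP and the secret pass."""
    def middleware(environ, start_response):
        if from_proxy(environ.get("REMOTE_ADDR", "")) and has_valid_secret(environ):
            # Strip the secret so it never reaches application handlers or logs.
            environ.pop(SECRET_HEADER, None)
            return app(environ, start_response)
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [b"forbidden\n"]
    return middleware


def demo_app(environ, start_response):
    """Stand-in application used only to exercise the middleware."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok\n"]
```

Keeping two accepted secrets lets the value be rotated at the proxy without dropping traffic; the old one is removed once the new one is live.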