Make Railgun + Authenticated Origin Pull Certificates compatible



Currently it seems you can’t have Authenticated Origin Pull certificates enabled at the same time as Railgun. Would great it was made possible for both to be compatible and used together :slight_smile:


Why would you want to? I don’t use Railgun, but isn’t it like a Push connection from your server to Cloudflare?


Railgun improves the page speed for dynamic content by only serving a compressed version of a diff between 2 page versions rather than the entire content of a dynamic page with each request. For instance if you ran a news article site and the only difference between previously cached version of the article page and the current requested page is the current date of the article. Railgun will only need to serve that small compressed change/diff of the article date instead of serving the entire contents of article page ! That can mean only a couple of bytes of data is transferred !

Authenticated Origin Pull certs are a security measure to prevent folks from bypassing Cloudflare and connecting to your origin’s real IP if they get hold of that information. So that only Cloudflare server requests to web server origin’s real IP are allowed.

So one is for performance (Railgun) while other is for security. Right now to utilise Railgun for dynamic content acceleration, you need to lessen your security and remove/disable Authenticated Origin Pull certs.