mTLS rule does not apply to subdomain


I have a Worker deployed with a custom subdomain and have enforced an mTLS rule for authenticating requests. While the mechanism works without any problem on the custom subdomain, on the subdomain it does not work. The rule is explicitly configured for both domains.

Does anyone have any clue on how to resolve this?

Is this a WAF rule? If so, then rules in your domain zone aren’t going to apply to a hostname.

Yes, it’s a WAF rule. Is there anything else I can do to enforce it, or not?

No, you can’t use rules on a, your easiest option is to run the Workers exclusively on custom domains and disable the route.

There may also be some mTLS properties exposed within the Worker which you can try checking:


You have a point. I completely forgot that the runtime provides those properties.
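An added example, not code from any poster in this thread: one way to check the mTLS properties mentioned above inside the Worker itself, using the `request.cf.tlsClientAuth` fields the runtime exposes. `ALLOWED_FINGERPRINTS` and `checkClientCert` are hypothetical names and the fingerprint is a constructed placeholder. The check fails closed, so a hostname where no client certificate is presented gets a 403.

```javascript
// Hypothetical allowlist of client-certificate SHA-256 fingerprints.
// The value below is a constructed placeholder, not a real certificate.
const ALLOWED_FINGERPRINTS = new Set([
  "0000000000000000000000000000000000000000000000000000000000000000",
]);

// Decide from the runtime's TLS metadata whether the caller authenticated.
function checkClientCert(cf) {
  const tls = cf && cf.tlsClientAuth;
  // No TLS metadata at all: treat the request as unauthenticated.
  if (!tls) return { ok: false, reason: "no-tls-metadata" };
  // certPresented is the string "1" only when a client certificate was sent.
  if (tls.certPresented !== "1") return { ok: false, reason: "no-client-cert" };
  // certVerified is "SUCCESS", "NONE" or "FAILED:<reason>".
  if (tls.certVerified !== "SUCCESS") return { ok: false, reason: "not-verified" };
  // Revocation is reported separately from verification.
  if (tls.certRevoked === "1") return { ok: false, reason: "revoked" };
  // Pin to known certificates so any other valid certificate is still refused.
  const fp = String(tls.certFingerprintSHA256 || "").toLowerCase();
  if (!ALLOWED_FINGERPRINTS.has(fp)) return { ok: false, reason: "unknown-cert" };
  return { ok: true, reason: "verified" };
}

const worker = {
  async fetch(request) {
    const result = checkClientCert(request.cf);
    if (!result.ok) {
      // Keep the rejection reason in logs, not in the response body.
      console.log(`mTLS check failed: ${result.reason}`);
      return new Response("Forbidden", { status: 403 });
    }
    return new Response("OK");
  },
};
// In a module Worker this object is the default export: `export default worker;`
```

Log the `tlsClientAuth` values on each hostname first to confirm what the runtime reports there before relying on the check.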

