I have somewhat of a tricky situation that I’m trying to solve and hope someone from the community is able to shine some light.
We have a website, let’s call it bigsite.com for this example.
Bigsite.com has 3 components to it. Those components are:
- https://www.bigsite.com - used as the presentation page
- https://users.bigsite.com - used for the users web portal
- https://users.bigsite.com/api - used for the users portal API calls
We are currently tasked with switching to cloudflare and are looking into the business plan that cloudflare has to offer.
The problem that we are encountering is that users.bigsite.com/api requires a special set of SSL Ciphers which force us to bypass cloudflare all together. This means all traffic going directly to users.bigsite.com/api must bypass cloudflare and access the server directly (the same as if cloudflare was not enabled) at which point the Apache settings and SSL certificate installed on that webservers would be used.
We looked into Page Rules and believe that we may be able to accomplish what we’re setting out to do with the following:
Cache Level: ByPass
Always Online: Off
Is there a better way to accomplish this or the settings shown above should do the trick?