Please add an option to use end-to-end encryption with CF.
Basically all I’m looking for from CF is for you to accept connections to my domain from your network IPs (if the incoming connection passes all WAF rules) and then proxy those connections directly to my backend server, where my backend server will handle the TLS termination.
Implementing this should be super simple and more lightweight than relying on CF resources to perform the TLS termination. I’ve run my own configuration of this setup for close to 20 years so I’m really quite shocked CF don’t already offer support for this??
(The motivation considering a move to CF is for the WAF feature – to demonstrate my efforts to geoblock regions that have active privacy legislation [Europe/GDPR, California/CCPA, Virginia…, various segmented locations.] )
Personally, I do not agree with this new model of fragmenting the Internet with geoblocks, but several legal resources recommend doing this to demonstrate services do not target the restricted regions… (Of course there are VPNs, proxies, TOR, … so it’s really just more non-sense, but whatever)
I also noticed CF offers the ability to block by country in their WAF which is great, but it looks like blocking by US state is restricted to Enterprise/Business subscriptions. Why is blocking by state restricted to business accounts?
I’d like to use your services, but I need:
- end-to-end TLS encryption terminated at my backend server
- the ability to block by country and US-state
I’m happy to pay for a Pro subscription, but can’t yet afford business level subscriptions.
Thank you for your consideration