According to Subdomain and CNAME records - #8 by sdayman, and Cname proxy - #4 by Cyb3r-Jak3, and other posts on this undocumented behaviour, Cloudflare cannot proxy CNAMEs where the target is also a Cloudflare customer.
Cloudflare appears to report in the dashboard > DNS list a blue ‘information’ icon and the hover string “This record is managed externally. To request changes, please contact your provider.” which has to be the least helpful error/warning message I’ve encountered in many years of using Cloudflare.
If true this means that the Cloudflare proxy for CNAMEs to third parties should not be used, full-stop. Doing so in ignorant bliss - it’s not documented! - to a non-Cf customer and relying on the subsequent behaviour is is a trap waiting to trigger if/when that target signs up to Cf.
Example: I configure a CNAME
a pointing to
thirdparty.com, at this time thirdparty is not a Cloudflare customer. I enable the proxy and create some page rules. All is well. thirdparty signs up to cloudflare and my page rules break.
Surely this warrants at least a “heads-up” in the doc.
Aside: when applying the proxy via API, Cf reports success even though it has ignored the proxy flag. Similarly, I can enable the proxy in the web UI even though it does not take effect. When I create a record in the UI identical to the one with the 'info icon, and enable the proxy at that time, I do not get the ‘info’ icon/warning on the new record (though it still fails to work).
[edit: removed statement re. bulk redirects; that was my bad (stale DNS)]