Redirecting a subdomain to a URL behind a VPN


I am trying to redirect a subdomain to a URL that is only accessible while on our company VPN. I have tried setting this up via page rules to no avail. I ensured that the subdomain is proxied through CF and it points to the dummy IP of The rule itself is a 301 with the origin URL being * and the target being the destination URL with no wildcards.

Since that wouldn’t work, I tried looking into workers. Is there a basic workers script that I can use to forward any request from * to the target URL? If so, could you kindly provide it (or the link to it)?

Could it be that because the request to the target URL is coming from a CF server, and not the IP which is behind the VPN that this is all getting shut down? Thank you for your time.

The fact that the target of the redirect is only accessible when on VPN, Corporate network etc. is not relevant. The Cloudflare Page Rule validator will not allow single label targets (https://intranet/), but will essentially allow any target, it does not check that the target is accessible.

Are you trying to redirect,, or The DNS records required for the www versions will be different. And the versions with /somathing need the match in the page rule to include a trailing *.

A quick test I created is below:

% curl --dump-header - -o /dev/null --silent | egrep -i 'location|HTTP/'
HTTP/2 302
location: http://internal.corp/ 
% curl --dump-header - -o /dev/null --silent -v
* Could not resolve host:


I appreciate the clarification and the help. I am changing my rule from * to just The idea was to try to catch both HTTP and HTTPS requests, but I can see now that I made things worse by trying to do that.

With that said, the rule set up this way should work, correct?

Edit: I changed the rule and it is still throwing a 522. Any other ideas? Thank you.

To match both http and https you just leave out the protocol.

What you want is:*

So made some headway. I disabled the Always use HTTPS rule for my domain and tried hitting the link using HTTP only ( and it worked! Unfortunately, I have to have the HTTPS rule on, so at least now I know it is a certificate issue.

I know it is a redirect, but since the subdomain is proxied via CF, does the Origin Server have to have a CF cert on it? Thank you for all the help here!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.