Reverse Proxy (two different origin servers/CNAME's for the same domain) using Page Rules

Originally I want to just reply to Reverse Proxy using Page Rules but since it is closed, I’m forced to create a new topic.

This was originally, but as I have found the answer I’m posting it here so that other people having the same question can find it.

The question: Can I use Cloudflare to serve a domain (say example .com) using two different servers based on path, i.e.:

example .com -> origin1.amazonaws .com
example .com/blog -> origin2.amazonaws .com

Note that the Host header is never changed.

All answers (@Judge) so far always mention this:

rewriting the HOST header is only possible with the enterprise plan to prevent abuse of 3rd-party services.

Fortunately I’ve found a thread on StackExchange, the feature I’m looking for is called Resolve Override, not Rewrite Host Header.

However, even without rewriting the Host header, Resolve Override is also only available in Enterprise plan.

@matteo mentioned using Cloudflare Workers, which could be interesting… But needs to mention that this also adds additional programming overhead on top of the Workers pricing, and competes with other alternatives from AWS and other cloud providers.

For Cloudflare they are the sane thing, as the first is just a different name of the second. Resolve Override is available to everyone, it’s limited to the account’s domains for everyone except for Enterprise (still manual activation on Cloudflare’s side).

Resolve Override is used for resolving the specific hostname to a different IP when querying DNS. Host Header Override, as the name suggests, is for changing the Host header towards the origin.

Directs the request to an alternate origin server by overriding the DNS lookup. The value of resolveOverride specifies an alternate hostname which will be used when determining the origin IP address, instead of using the hostname specified in the URL. The Host header of the request will still match what is in the URL. Thus, resolveOverride allows a request to be sent to a different server than the URL / Host header specifies. However, resolveOverride will only take effect if both the URL host and the host specified by resolveOverride are within your zone. If either specifies a host from a different zone / domain, then the option will be ignored for security reasons. If you need to direct a request to a host outside your zone (while keeping the Host header pointing within your zone), first create a CNAME record within your zone pointing to the outside host, and then set resolveOverride to point at the CNAME record. Note that, for security reasons, it is not possible to set the Host header to specify a host outside of your zone unless the request is actually being sent to that host.

https://developers.cloudflare.com/workers/runtime-apis/request#requestinitcfproperties

That is obviously true, Workers are by definition a serverless function running on Cloudflare’s nodes. The code is really simple though (simple JavaScript), just a couple of lines that you can basically copy off the documentation, but it still sends the host header of your site for the same reason as before mentioned.

1 Like

Sorry to correct: Resolve Override is not available to everyone, it’s Enterprise only, quoting Cloudflare itself on the Page Rules page:

What do Resolve Override and Host Header Override do (Enterprise only)?

Resolve Override changes the origin address that a request to a URL will be sent to. Host Override changes the Host Header on requests to that URL. More information is available on our Help Center about Resolve Override and Host Header Override

However if you mean that Resolve Override is manually available to Free/Pro plans on a case-by-case basis (by request) then that is very interesting for me!

In Page Rules you are correct, but talking generally it’s available in Workers (look in the Workers documentation: developers.cloudflare.com).

As for specific activation I have no idea but I really doubt it’s available.

1 Like

This topic was automatically closed after 31 days. New replies are no longer allowed.