Stop CNAME Cross User Banning

Why is Cloudflare banning CNAMEs from other users? Why expose the origin IP? Why can’t we even manage WAF and Page Rules for those who CNAME to our domain/subdomain?

If they don’t use Cloudflare, they can’t benefit from easy SSL, and that’s fine. (They can at least purchase an SSL certificate from their registrar.) But if they do use Cloudflare, they can use the proxy to use SSL. But we can’t manage the page rules, WAF etc…

And if the user unproxies (:grey:), our origin IP is exposed. This is not at all recommended. We all love Cloudflare.

Please do consider updating this solution. Incoming CNAMEs shouldn’t be banned. At least make a toggle switch there, with adding sub/domains to use for CNAME for everyone.

Nowadays people are not only blogging; they are creating sites that help other people too. But this kind of restriction makes many developers stop making these kinds of apps.

Most recommended for small SaaS.

1 Like

You can allow a CNAME between domains in different Cloudflare accounts if you are on a paid plan, by contacting support.

The issue is with two :orange: records: if they point a proxied record to another proxied record, you run into The orange to orange problem.

Having a user point their domain to yours and allowing you to manage the settings and features is available on the Enterprise plan with the product mentioned above:

Cloudflare for SaaS Providers

2 Likes

Hey, what if the client :grey: their CNAME record, and I have :orange: my cname.domain.com site? Will that expose my IP? And if the orange-to-orange problem occurs, will we get more preference than our clients?

Client :grey: and your record :orange: is the normal way to do it when configured correctly, normally on an Enterprise plan. This means the service provider (or the target of the CNAME) will manage the settings for the domain.

If you point a record to a :orange: record on another account at the moment, it normally does not let you proxy it but forces it to DNS only to avoid this issue.

1 Like

And they can’t get SSL. This forces us to buy SSL for SaaS, which is Enterprise only. :man_shrugging:t3: :ok_man:t3:

I would imagine the infrastructure needed to provision potentially thousands of extra SSL certificates is why Cloudflare puts a price tag on it. Even if you don’t plan to have thousands of CNAMEs to your domain, someone will and it would slow down SSL provisioning for first-class customers.

Allowing only Cloudflare clients with :orange: is another way. And block all other requests. Maybe :orange: to :orange: can be used in a way to provision SSL from the client’s side and manage page rules, Workers, WAF (if possible with a toggle) on the provider’s side.

Enterprise users can extend this capability of this with managed SSL for even :grey: For all others this could be a good thing to give. This will also in a way most clients to use Cloudflare. :man_shrugging:

1 Like

Yes, let us allow our customers (who use Cloudflare for their domain) to CNAME to our domain. And help us proxy or give priority to that record in page rules, Workers etc…

Let there be a specific or extra tab for doing these things. It is recommended for everyone.

2 Likes

I want my user who is also a Cloudflare user to point to my domain. And I don’t want to expose my origin IP at all. And let me manage the page rules for those who point to my domain, by making the same page rule for both URLs and giving me priority for the rule.

This feature is essential for many users who use Cloudflare.

1 Like

Hi @netak41073,

These are currently available on certain plans:

I actually think it is a good feature in general and for most users and it can be disabled by those who need it on paid plans.


Enterprise is something that is not at all possible for people like me. And that feature, SSL for SaaS, is good for pointing even from non-Cloudflare customers. But managing page rules of other Cloudflare users can be easily done (orange-to-orange). And provisioning SSL won’t be hard. And of course, if the user :grey: the record, block it… or force :orange: the record since it points to ours.

1 Like

Orange to orange is being addressed, but currently: Deprecated - The orange to orange problem covers it.

1 Like