Suggested resolution to: Cloudflare Health Checks could throw a false-negative when the origin server is actually offline

Hi,

A few of my clients are on the Business plan, and have deployed Cloudflare Health Checks, however, since it goes through Cloudflare Edge, it isn’t monitoring the origin, rather it is monitoring the Edge.

The issue

  1. If there’s a Cache-hit (through Cloudflare Edge Cache, Workers Cache or Always Online Cache) whilst the Origin is offline, it’ll still serve the page, which will result in a false-negative. [Anticipated issue]
  2. This is unnecessarily inflating the Cloudflare Analytics. [Actual issue]

Potential resolution
When creating health checks, allow the mention of IP Address(es) and hostname separately. As long as the hostname is in a zone that the creating user has access to (doesn’t have to be a zone within the same account).

Thanks,

+1 For this, I have noticed that it is particularly annoying since it also adds a lot of useless logs in the analytics and firewall pages.

1 Like

Why not have it hit the origin IP address instead?

2 Likes

I initially tried this but the connections were not being accepted by my backend, I just realized it was an SSL error.

Just now I realized that you can simply use that, I wonder if it’s new or just a silly mistake I made back when I set up the health checks.

1 Like

Thanks @sdayman.

That worked, exactly the result that I had wanted! Forgot that Host is actually a HTTP header too! haha!

Would be good for Cloudflare Health Check Analytics to

  1. Log the headers as well, especially some of the key ones.
  2. Make multiple tests against the Response Header and/or body, rather than just a single Response body test.
  3. Specify an expected SSL Cert Signature (self-signed certs), as opposed to just ‘allow unsecure’.
1 Like