Tutorial CT-29 "Redirecting One Domain to Another" doesn't work anymore

Hi,

The tutorial "Redirecting One Domain to Another" explains a workaround to redirect one domain to another by creating an A record to an internal IP (192.168.0.2) and using Page Rules to redirect (so the IP is never used).

That doesn’t work anymore, as Cloudflare doesn’t allow proxying internal IPs, only DNS. This means that the Page Rule is never executed. The solution is simple: use an external IP. I used Google’s. As the Page Rule will redirect the user before it hits that IP, it doesn’t matter what you use.

Even if the internal IPs still worked, I’d still prefer to use Google’s, as this can create a potential vulnerability if there’s some issue with the Page Rule (or someone disables it in the future). If that happens, then one of your subdomains will point to localhost. I don’t know exactly how, but imagine if foobar.google.com pointed to localhost. I suppose someone with more creativity and experience than myself could find a way to use that to access the services running on a victim’s machine (e.g. injecting a JavaScript that would look for open ports on the user’s PC).

Other than that, the workaround works well.

The tutorial does not use an RFC 1918 address as you are using; it uses the documentation prefixes from RFC 5737, which work just fine.

Personally I always use an IPv6 address with a value of :: for this scenario, such as full hostname redirects or serverless applications. It is really obvious in the DNS panel what an entry is for by using this convention.

That’s not the IP address recommended by the tutorial:

Duh, I guess I should’ve stopped working already. My mistake, the tutorial works with the 192.0.2.1 address, and thanks for the IPv6 tip, @michael.

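Added example, not part of the thread or of Cloudflare's tutorial: a Python check that classifies the placeholder targets discussed above (RFC 1918, the RFC 5737 documentation prefixes, `::`) for redirect-only hostnames and reports what each would mean if the redirect rule or proxying were ever switched off. The record names and the sample zone are constructed for illustration.

```python
import ipaddress

# Reserved documentation prefixes: RFC 5737 (IPv4) and RFC 3849 (IPv6).
DOC_NETS = [ipaddress.ip_network(n) for n in
            ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24", "2001:db8::/32")]
# RFC 1918 private ranges, listed explicitly because ipaddress's is_private
# also returns True for the documentation prefixes above.
RFC1918_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify_target(value):
    """Return the address class of an A/AAAA record target."""
    addr = ipaddress.ip_address(value)
    if addr.is_unspecified:
        return "unspecified"        # 0.0.0.0 or ::
    if addr.is_loopback:
        return "loopback"
    if any(addr in net for net in RFC1918_NETS):
        return "rfc1918"
    if any(addr in net for net in DOC_NETS):
        return "documentation"
    return "other"

# What each class means if the redirect rule or proxying is ever switched off.
VERDICT = {
    "documentation": "ok: reserved, never routed",
    "unspecified": "ok: not a usable destination",
    "rfc1918": "risky: name resolves inside the visitor's own network",
    "loopback": "risky: name resolves to the visitor's own machine",
    "other": "review: not a reserved placeholder, may be a real host",
}

def audit_placeholders(records):
    """records: (name, type, value) tuples for redirect-only hostnames."""
    return [(name, value, VERDICT[classify_target(value)])
            for name, rtype, value in records if rtype in ("A", "AAAA")]

# Constructed sample zone entries (hypothetical names, not from the thread).
SAMPLE = [
    ("old.example.com", "A", "192.168.0.2"),
    ("www.old.example.com", "A", "192.0.2.1"),
    ("shop.old.example.com", "AAAA", "::"),
    ("blog.old.example.com", "A", "8.8.8.8"),
    ("mail.old.example.com", "MX", "mx.example.net"),
]

if __name__ == "__main__":
    for name, value, verdict in audit_placeholders(SAMPLE):
        print(f"{name:24} {value:14} {verdict}")
```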