Use cloudflare proxy for authenticated api

I’m trying to proxy a cloudflare cname record for an api endpoint that is authenticated, but when I enable the proxy then cloudflare puts up the custom error page and the endpoint becomes unavailable through the cloudflare cname.

I’ve tried creating a custom page rule for the endpoint and disabling every cloudflare feature to try and figure out what is the cause, but nothing works except for disabling proxying.

What can I do to proxy traffic through cloudflare for an authenticated api and disable cloudflare’s custom error pages? Is there instead some way to tell cloudflare what is and is not an error if I can’t turn the feature off?

For now I’ve turned the proxy off and I’m depending on aws api gateway’s WAF, but I’d rather use cloudflare’s security features for my entire site for consistency.

What error is being returned/generated?

Here is the response I get when doing a GET, with CORS so it does an OPTIONS request first, from my web application:

Request URL:
Request Method: OPTIONS
Status Code: 521

I get the same 521 error when going to the proxied domain in a browser (I’ve re-enabled the proxy so you can see the error now if you go to the domain):

My origin is returning this to cloudflare:

Request Url:
Request Method: GET
Status Code: 403
Body: {"message":"Missing Authentication Token"}

You are currently configured to use Flexible SSL in your crypto settings, but the host in question does not listen on port 80. You should change this to full if your other hosts support SSL to origin and/or use page rules to change the SSL type where needed.

I updated the encryption settings like you said to full and this fixed the problem. Thank you very much!

This topic was automatically closed after 30 days. New replies are no longer allowed.