What http requests are supported?

I understand it has been asked before, and a generic answer that all http requests is supported.

I just want to be very sure specific http requests are supported for a caldav service for WAF and anti-ddos service in Cloudflare.

WebDav http requests:

Hope someone could give me a definite answer please? Thank you :slight_smile:

1 Like

I believe this should work if you use the regular proxy, however argo tunnel (Cloudflared) does not support some methods like MKCOL. This should only be an issue if you want to use argo tunnel.


Thanks! Sorry I’m new to Cloudflare, what is argo tunnel and can I do without? I am thinking of hosting my caldav web app on aws elastic beanstalk, then have application load balancer in front then follow by Cloudflare waf and anti-ddos protection. Users connect from mobile devices over caldav (webdav) https to read/write their calendars to the server. In my scenario, do I need argo tunnel?

Argo Tunnel is a full-time direct connection between your server and Cloudflare. You can do without it and use a standard on-demand connection to your server.

1 Like

Ah… Thanks a lot! :slight_smile:

1 Like

May I ask if Cloudflare representatives watch the topics? Or if anyone is absolutely certain with the above mentioned https requests support before I propose using it in my organisation. No offence to everyone here, not that I doubt any one of you helpful souls :slight_smile: but I wish to only proceed if and only if I am absolutely certain.

Only a few do on a regular basis, and generally not on weekends.

If you’re looking for business-level answers, either a support request (click ‘get more help’) or contacting sales is a good idea as they’ll be able to give you a definitive answer to your questions.


If it’s business critical, set up a dev environment and run it through a Free Plan. Then you’ll know for sure. @Judge and I haven’t been able to find a complete official list, and if it’s not in writing somewhere, your best answer will come from someone who’s actually tested them all.

From my logs, I can personally confirm the following methods work: PROPFIND, REPORT, MKCOL, MOVE. In addition to the usual GET/PUT/DELETE/HEAD/POST.

1 Like

Thanks Judge and Sdayman :slight_smile:
Thank you again for the test and confirmation Sdayman!

Correct me if I am wrong, even if it is not supported by default, one could actually add custom http requests to be blocked or allowed right?

I don’t know if Cloudflare will pass through an invalid or unrecognized Request Method. Firewall Rules can block: GET POST PURGE PUT HEAD OPTIONS DELETE PATCH

I suppose if you manually edit the expression, you could put any request method in. But I’m not sure how Cloudflare handles and processes some of the fringe methods you listed.

1 Like

The API documentation for the Firewall Events lists more methods than the ones available through the UI, so if you edit the expression manually I’d expect they’d be handled accordingly (unless some of these methods are reserved somehow).



So it’s missing MKCALENDAR…maybe others.

Ya it looks like it.

Again, the best way to find out is set something up and run some tests. As for the Firewall Rules list, you can invert the rule to block anything that is NOT on your approved list.


I see the others, but not the above


This topic was automatically closed after 31 days. New replies are no longer allowed.