What is Authenticated Origin Pulls?


#1

I don’t know what is Authenticated Origin Pulls.
I want to disallow MITM.

When I enable and setup Authenticated Origin Pulls, I can disallow MITM?


#2

Hey @detteiu.x14th,

What do you mean by MITM? If you’re referring to the fact Cloudflare is doing the SSL termination, authenticated origin pulls isn’t changing this logic.

Authenticated Origin pulls is a feature that allows you to authenticate our EDGE to your Origin with TLS, this way you don’t need to filter your public accesses based on our IP Ranges but just activate the mutual TLS auth at your premises instead with the CA provided through this link: https://blog.cloudflare.com/protecting-the-origin-with-tls-authenticated-origin-pulls/


#3

You should configure your web server so only the authenticated pull will work and other access without a valid cert will fail… then only Cloudflare would be able to pull content form your site.

Config examples for Apache and nginx are at the bottom of this how-to: