What is the 'proxied' feature in Cloudflare?

websockets

#1

In my Cloudflare console I can turn ‘proxied’ property on (in the console this is a red cloud with gray arrow crossing it or look at https://api.cloudflare.com/#dns-records-for-a-zone-update-dns-record for ‘proxied’ property) and off (gray cloud with arrow bypassing the cloud). What is the difference between these two settings:

  1. If ‘proxied’ is turned on does that mean that Cloudflare will proxy my HTTP requests (for an html page or an image for example)?
  2. If ‘proxied’ is turned on does that mean that all of my TCP connections’ data transfer will go through Cloudflare? And what will happen if it is turned off?

#2
  1. yes. Any HTTP(S) request

  2. No. only HTTP(S) requests. All other traffic is denied.


#3

You forgot that if the record is :grey: then the DNS will point directly at your origin.


#4

Because I noticed that you started typing a few seconds after I did :stuck_out_tongue:


#5

I was gonna do a longer answer, but your was to the point so I abandoned my efforts ahah

Let’s go back to topic :slight_smile:


#6

I am sorry! :pensive: :grin:


#7

No worries ahah


#8

But if all other traffic is denied how then Cloudflare proxies websockets that use tcp?


#9

Websockets (as well as all non-QUIC HTTP(s) requests) are TCP connections, HTTP is just one layer above TCP which defines how the data should be processed. Websockets are really just efficient, long-lived HTTP connections.

Cloudflare’s (heavily) customized Nginx configuration is set up to accept and proxy all websocket connections to the origin, similar to how a normal Nginx can in this article


#12

Ok. Can you please answer two more questions for a newbie :slight_smile: ?

  1. So if websockets is just a long-lived http then if ‘proxied’ is turned on my websockets data transfer will go through cloudflare and if it is turned off then my websockets data transfer will go directly through my website, right?

  2. If I will go to my website directly using my load balancer dns then cloudflare will not proxy anything for me and all of my tcp data transfer and http requests for pages/images will go directly trough my website?


#13

Going to answer both with yes - Proxying :orange: a DNS zone will limit what traffic is proxied to HTTP(S) and websockets. If the DNS is :grey: then Cloudflare will function as a regular DNS provider, and all traffic clients send to that DNS zone will go directly to the server, regardless of protocol, port, or TCP/UDP. This also means the DNS will point directly to the server, so you won’t be protected from DDOS attacks or benefit from any of the Cloudflare features.

The only exception is Spectrum, which is an enterprise feature for proxying non-HTTPS connections:


#14

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.