Wildcard DNS Entries For Free

See Warp, a VPN by CF.

Warp will allow a user to connect to a VPN endpoint at the POP closest to them. It will not hide the user’s IP address, nor will it allow a user to connect to a POP in an alternate geo to bypass/circumvent content restrictions by private entities or governmental controls.

The scenario described above is Domain Fronting, which Cloudflare does not support except in limited scenarios for Enterprise customers to other domains they control and manage (and if they attempt to abuse that they are subject to termination for violation of our ToS). Using Workers it is not possible to change the host headers being sent in order to prevent just this type of activity. Whatever governmental controls are put in place to block specific content in their country/region are the business of that government and the citizens therein. Cloudflare provides DDoS mitigation and security services to prevent a bad actor (state or otherwise) from knocking a site offline, not to provide an avenue to bypass content controls.


I’m pretty sure this is on-topic, but apologies if it isn’t (DNS stuff isn’t my forte): I have an application that’s a bit like codepen.io/jsbin.com in that it allows users to write code and publish it. Currently it gets published on sandbox.website.com/their-project-name. This is obviously a big problem because this means that all of the webpages share the same origin and thus the same localStorage, etc. I’d like to use Cloudflare workers as an intelligent cache layer, but also, ideally, as a way to implement a subdomain for each project like so: their-project-name.website.com. Am I right in understanding that this is not possible on the Cloudflare free plan? Cloudflare is a business, of course, but I like CloudFront’s “pay only for what you use” approach where even the “little people” have a chance at using the cool tools and you just pay more as you scale. But I guess it’s just a different approach.

Please add support for proxying wildcards in the free plan. It will be great step for complete protection of every website. I use subdomains for each projects in a user account.Like *.example.com

Even though i get protection for the main domain, I miss the wildcard proxy protection. And my websites Origin IP is exposed to everyone. This is really a bad thing.

Why isn’t Cloudflare doesn’t support proxying wildcards in the free plan? What is the security issue dealing with proxying wildcards? And please, provide proxy protection for wildcards.

It’s not available since the use case is usually SaaS apps, where you set up your clients with a subdomain. Cloudflare is a business that has to make money, so they choose to gate B2B type services behind the Enterprise plan.

1 Like

I wish Cloudflare enables proxying wildcards on the free plan for a complete protection of the entire website. This ensures not only complete protection, but we can manage all the subdomains easily…

It wouldn’t surprise me if they limit that due to potential abuse. A wildcard entry set to :orange: would proxy all subdomains through Cloudflare, regardless of if they exist or not. That could be an attack vector for a DDoS attack against Cloudflare.


I understand your security concerns. Atleast for users who need to proxy those, let them able to contact support to enable proxying wildcards. Due to the absense of this feature on Cloudflare, I was forced to use other Services along with Cloudflare.

If proxying wildcard DNS entries is available in the free plan, it help me setup custom subdomains for my users page. Idont think i could afford money for it.

Help us proxy wildcard DNS entries in the free plan. Extremly useful. I create a small project so that users can add new projects and their project url looks like project-name.example.com

Lots of Enterprise features are useful, but cost money, which is what Clouldflare needs to do to be successful.

If you’re going to have a system for users to add their own subdomains, you should incorporate an API process to create that subdomain in your Cloudflare DNS.


Have your project call your account using Cloudflare’s API and add a DNS entry for project-name.example.com and set it to :orange: .

Will there be any chance in future to proxy wildcards on the free plan. Need not to expose/reveal my ip for wildcard records.

1 Like

probably not now. you can try other services for waf, cdn and ddos for wildcard subdomain record… :unamused: