Authenticated Origin Pulls / SSLVerifyClient require
I'm a new customer, and the previous tenant has domains pointing to my IP.
My server is being hammered. I have tried blocking malicious traffic many different ways already, but I need to enable the Apache option SSLVerifyClient require.
It means the web server will only accept connections from Cloudflare, and nobody else. It is quite common for people to bypass Cloudflare and hack into the origin server directly.
If you let me edit the server.apache file, I would put the following:
SSLCertificateFile "/applications/xxx/private_html/cert2020.crt"
SSLCertificateKeyFile "/applications/xxx/private_html/cert2020.key"
SSLCACertificateFile "/applications/xxx/private_html/server-ca.crt"
SSLVerifyClient require
Authenticated Origin Pulls
Authenticated Origin Pulls allow you to cryptographically verify that requests to your origin server have come from Cloudflare using a TLS client certificate. This prevents clients from sending requests directly to your origin, bypassing security measures provided by Cloudflare, such as IP and Web Application Firewalls, logging, and encryption.
This feature requires additional configuration at your web server. Refer to our support guide on Authenticated Origin Pulls.
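
The decision that SSLVerifyClient require makes against the CA named in SSLCACertificateFile, reproduced offline as an added example (not part of the original post or of Cloudflare's documentation): a client certificate is accepted only if it chains to the configured CA. All certificates and names below are constructed throwaway values, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example: every certificate, key and CN here is constructed for the demo.
set -eu

# Create a self-signed certificate and key: new_selfsigned <basename> <CN>
new_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Issue a client certificate signed by a CA: issue_client <basename> <CN> <ca-basename>
issue_client() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
    openssl x509 -req -in "$1.csr" -days 1 -CA "$3.crt" -CAkey "$3.key" \
        -CAcreateserial -out "$1.crt" 2>/dev/null
}

# The origin's check: does <cert> chain to the CA in <ca-file>?
# Usage: chains_to_ca <ca-file> <cert>; exit status 0 means accepted.
chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    dir=$(mktemp -d)
    # Stand-in for the CA file the origin is configured to trust.
    new_selfsigned "$dir/pull-ca" "Constructed Origin Pull CA"
    # Client certificate the proxy would present (signed by that CA).
    issue_client "$dir/proxy" "constructed-proxy-client" "$dir/pull-ca"
    # Certificate a client connecting directly might present (not signed by it).
    new_selfsigned "$dir/stranger" "constructed-direct-client"
    for c in proxy stranger; do
        if chains_to_ca "$dir/pull-ca.crt" "$dir/$c.crt"; then
            echo "$c: accepted"
        else
            echo "$c: rejected"
        fi
    done
    rm -rf "$dir"
}

demo
```
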

-
Mike commented
I would like this too. Currently I use an htaccess file to restrict access to Cloudflare IP ranges, but this isn't the best way. I need to make sure that I keep the list updated or else the website can become inaccessible.
-
Mehul Boricha commented
You can add one simple option to enable this option. The only requirement from the user will be to upload the origin certificate. Much needed feature.