I suggest you ...

← Service Improvement

Authenticated Origin Pulls / SSLVerifyClient require

I'm new customer, and previous tenant has domains pointing to my IP.
My server is being hammered, tried blocking malicious traffic many different ways already, but need to enable Apache option SSLVerifyClient require.

It means, the webserver will only accept connections from cloudflare, and nobody else. Quite common for people to bypass cloudflare, and hack into the origin server directly.

If you let me edit the server.apache file, I would put the following:

SSLCertificateFile "/applications/xxx/privatehtml/cert2020.crt"
SSLCertificateKeyFile "/applications/xxx/privatehtml/cert2020.key"
SSLCACertificateFile "/applications/xxx/private_html/server-ca.crt"
SSLVerifyClient require

Authenticated Origin Pulls
Authenticated Origin Pulls allow you to cryptographically verify that requests to your origin server have come from Cloudflare using a TLS client certificate. This prevents clients from sending requests directly to your origin, bypassing security measures provided by Cloudflare, such as IP and Web Application Firewalls, logging, and encryption.
This feature requires additional configuration at your web server. Refer to our support guide on Authenticated Origin Pulls.

5 votes

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

James Fox shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

How important is this to you?

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Mike commented  ·   ·  Flag as inappropriate

    I would like this too. Currently I use an htaccess file to restrict access to Cloudflare IP ranges, but this isn't the best way. I need to make sure that I keep the list updated or else the website can become inaccessible.

  • Kaylee Khloe commented  ·   ·  Flag as inappropriate

    Well, I highly appreciated your effort, You have done such great work to improve the security of your client. By the way, I am a college student and I am free now Because I complete my assignment project with the help of Edubirdie. You can also read its reviews on https://youressayreviews.com/review-of-edubirdie-com-services/. I also want to know more about SSLVerifyClient. So I am searching for it on the google search bar and found your post.

  • Mehul Boricha commented  ·   ·  Flag as inappropriate

    You can add one simple option to enable this option. The only requirement from the user will be to upload the origin certificate. Much needed feature.

Service Improvement: Security

Categories

Feedback and Knowledge Base

(thinking…)