Authenticated Origin Pulls / SSLVerifyClient require
I'm new customer, and previous tenant has domains pointing to my IP.
My server is being hammered, tried blocking malicious traffic many different ways already, but need to enable Apache option SSLVerifyClient require.
It means, the webserver will only accept connections from cloudflare, and nobody else. Quite common for people to bypass cloudflare, and hack into the origin server directly.
If you let me edit the server.apache file, I would put the following:
SSLCertificateFile "/applications/xxx/privatehtml/cert2020.crt"
SSLCertificateKeyFile "/applications/xxx/privatehtml/cert2020.key"
SSLCACertificateFile "/applications/xxx/private_html/server-ca.crt"
SSLVerifyClient require
Authenticated Origin Pulls
Authenticated Origin Pulls allow you to cryptographically verify that requests to your origin server have come from Cloudflare using a TLS client certificate. This prevents clients from sending requests directly to your origin, bypassing security measures provided by Cloudflare, such as IP and Web Application Firewalls, logging, and encryption.
This feature requires additional configuration at your web server. Refer to our support guide on Authenticated Origin Pulls.
James Fox
shared this idea
1 comment
-
Mehul Boricha
commented
You can add one simple option to enable this option. The only requirement from the user will be to upload the origin certificate. Much needed feature.