Heres the blog about it: https://blog.cloudflare.com/cloudflare-for-saas/

Thank you

https://api.cloudflare.com/#custom-hostname-for-a-zone-create-custom-hostname Is there a way to force an elliptic curve key pair certificate when setting up a custom hostname through the API? So far, I have only got certificates with RSA key pairs.

So I am looking at https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/domain-support/hostname-verification/

I'm confused about how verification actually works

Because we've always been asking the client to set something up such as

app.client.com. IN CNAME modmail-quilt.customers.starchild.systems.
_cf-custom-hostname.app.client.com. IN TXT "c3d776f0-0d67-4226-beaf-d48ee237bfba"

Was the CNAME alone enough?

It is what the section labeled itself "CNAME" seems to suggest?

did SSL for SaaS change to no longer require TXT record for the fallback origin’s hostname (I can see I added it last time I set it up about 9 months ago, but can’t find it anywhere now when setting it up on a new domain), and now require that you add a Workers Route for every custom hostname (or use a \*/\* wildcard to catch everything but which would prevent you from doing other stuff with the domain)?

I don't know what you mean about txt on fallback, but you can use workers on them without using workers on the custom domain by setting a second route that routes to no worker

instructions here

before it was setup like this, can’t remember where the TXT value came from but it worked ^_^

for the new link you sent, I can get it to work with \*/\* but not with the instructions in the screenshot - I don’t understand what means - are we supposed to use that exact “url” or should it be replaced by something (like hostname or zone ID)?

I agree this section of the docs is pretty confusing, lets try an easier example If your zone is for the

example.com

domain, you would put

*.example.com/*

in the route, and select "none" for worker/service

This will reverse the action of the

*/*

route, meaning that requests to your actual domain will go directly to origin, but requests to custom hostnames will go to the worker on the

*/*

ahh I get it now, thanks a lot

Yeah I have an outstanding issue on the docs to get that cleared up because it confused me majorly too 😅

Also whenever using a

*/*

route note that absolutely everything that is orange clouded on dns will go to that worker unless theres another worker it matches more closely (i.e

*.<zonename>.com/*

) So I highly recommend going to your

workers routes

on your domain settings and adding the following 2 (if you dont already have workers for these):

Route: <zonename>.com/*   Service: None
Route: *.<zonename>.com/* Service: None

Hi guys, I have an app behind azure application gateway (no waf) with external IP I created new A record in "dns only" mode it does work but in proxy mode i get 522 error according to application gateway logs - no traffic from cloudflare coming at all tcpdump in app side is silent too Has anybody encountered such an issue? resolved, I will share for somebody else who probably will search for an answer: Cloudlfare have two important settings "Always Use HTTPS" and "Automatic HTTPS Rewrites" If any of them enabled - your application gateway have to be configured with https listener (with good - no self-signed cert) - otherwise no connectivity will be provided. If you do not have CERT you can go with FrontDoor service which provides it`s own ssl cert

you can also just do:

Route: *<zonename>.com/* Service: None

instead of:

Route: <zonename>.com/*   Service: None
Route: *.<zonename>.com/* Service: None

Is cloudflare for SaaS startup restricted to only Startups that have received funding? We're bootstrapping and are curious. Couldn't really find details saying that. Then again, I would also totally understand you don't want to accept every "bootstrapped" startup.

Requires you’re apart of a participating accelerator program

Hi, not sure if this is correct channel, but is there anyone who can help me with a question regarding Cloudflare WAF and rate limiting rules?

Post the question in #909458221419356210

Thanks! Will do

Quick question: can I use tunnels as an origin with cf for saas?

it should work, though if dash tunnel then it will get upset trying to add a public hostname for a specific customer domain, better to use a catchall or a config.yml

https://developers.cloudflare.com/api/operations/custom-hostname-for-a-zone-create-custom-hostname this api keeps failing for me with Invalid custom hostname. Custom hostnames have to be smaller than 256 characters in length, cannot be IP addresses, cannot contain spaces, cannot contain any special characters such as _~`!@#$%^*()=+{}[]|\;:'",<>/? and cannot begin or end with a '-' character. Please check your input and try again. The documentation doesn't say anything about what to pass the hostname as in the POST body.....

------------------------------ *This channel is archived, please use #909458221419356210 * ------------------------------