Can you expose an application to the Internet through Cloudflare without TLS termination?

TLS is typically terminated at Cloudflare servers. This means that CF decrypts the traffic, scans it and re-encrypts it to the origin server.

I want the traffic to be end-to-end encrypted from the client to the origin server. This requires TLS pass-through. I want to enforce ACLs at Cloudflare as much as possible. For example, IP filtering should be easily doable, but also forwarding the client certificate.

Another workaround would be that the client authenticates to Cloudflare through some kind of SSO. If authentication is successful, the client obtains a token from CF, and then establishes a direct TLS connection with the origin server.

Does anyone know if TLS pass-through is possible, and what kind of ACLs can be enforced?