
I have configured an Amazon Web Services Application Load Balancer with a few registered targets that are basic web applications. I have created a CNAME in CloudFlare and pointed this (using DNS ONLY option) to the A Record endpoint of my ALB. Things work how I would expect here and the setup feels pretty slick.

I have created a listener on the ALB with rules so that requests to different subdomains or specific paths are routed to the correct target application like so:

```
IF host matches 'BLOG.mysite.com'     --> target containing blog app
IF host matches 'mysite.com/V1/CHAT'  --> target containing chat API
DEFAULT                               --> default target
```

Things go haywire when I turn CloudFlare's HTTP Proxy ON for this CNAME. Requests to the CNAME which would usually return a working webpage (HTML and shortly after assets like JS, CSS and images) time out. This is disappointing because CloudFlare's HTTP Proxy is available to me at no additional cost and offers a myriad of security features like DDoS protection, etc.

Does anyone know why this happens and how to get around it? Does the ALB not have access to the host of the request from the internet when HTTP proxy is turned on?

UPDATE: What I believe is happening is that my ALB rules containing a match case on the HOST stop working when CloudFlare HTTP Proxy is turned on because the host name is changed or modified. However, I have yet to prove this.

ztech
  • What exactly do you mean "does not resolve"? – Michael - sqlbot Nov 14 '17 at 01:03
  • @Michael-sqlbot I just meant that the page does not load - didn't mean to imply anything more specific. I revised the wording in the question. Thanks. – ztech Nov 14 '17 at 14:35
  • Capture the incoming `Host` header at your server or in the ALB logs. I have done very little with Cloud*flare*, but I know that Cloud*Front* has the option of sending the origin hostname as the `Host` header, or sending the original `Host` header as provided by the browser. It's surprisingly difficult to find which behavior Cloudflare defaults to by googling the docs, but should be easy enough to find in your server logs or the ALB logs. But there should be a fix or workaround once we identify the nature of the issue. – Michael - sqlbot Nov 14 '17 at 15:49
  • @Michael-sqlbot when I turn CloudFlare HTTP-proxy OFF my server logs show the host being the CNAME I expect. When it is turned ON I don't receive the request - my server logs show no activity. Looking into the ALB logs now. – ztech Nov 14 '17 at 17:30
  • I'd check the default target. Also, you allowed 0.0.0.0/0 in the balancer's security group, yes? Do you get an error from Cloudflare? White screen? If so, check the network tab in your browser's developer tools to find the error behind the white screen. – Michael - sqlbot Nov 15 '17 at 01:13
    Have you managed to find a solution? – Slava Fomin II Oct 15 '22 at 00:29
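
The check suggested in the comments (capture the `Host` value the ALB actually receives), as an added example that is not part of the original thread: it parses ALB access log entries and groups them by host, ALB status code and whether a target was chosen. The sample lines, load balancer name and IP addresses are constructed, and the field positions assume the documented ALB access log layout.

```python
import csv
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample entries (leading fields of the ALB access log layout;
# real entries carry more trailing fields, which the parser ignores).
SAMPLE_LOG = """\
https 2017-11-14T17:30:01.000000Z app/my-alb/0123456789abcdef 198.51.100.7:40112 10.0.1.15:80 0.001 0.004 0.000 200 200 310 5120 "GET https://blog.mysite.com:443/ HTTP/1.1" "Mozilla/5.0" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2
https 2017-11-14T17:31:12.000000Z app/my-alb/0123456789abcdef 203.0.113.9:51544 10.0.1.20:80 0.001 0.003 0.000 404 404 290 180 "GET https://my-alb-1234567890.us-east-1.elb.amazonaws.com:443/ HTTP/1.1" "Mozilla/5.0" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2
https 2017-11-14T17:32:40.000000Z app/my-alb/0123456789abcdef 203.0.113.9:51560 - -1 -1 -1 503 - 290 337 "GET https://mysite.com:443/V1/CHAT HTTP/1.1" "curl/7.54.0" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2
"""

def parse_alb_line(line):
    """Pull the routing-relevant fields out of one ALB access log entry."""
    f = next(csv.reader([line], delimiter=" ", quotechar='"'))
    url = f[12].split(" ", 2)[1]          # request field: METHOD URL VERSION
    parts = urlsplit(url)
    return {
        "client_ip": f[3].rsplit(":", 1)[0],
        "target": f[4],                   # "-" when no target was chosen
        "elb_status": f[8],
        "host": parts.hostname,           # host the ALB saw, lowercased
        "path": parts.path,
    }

def summarize(log_text):
    """Count entries per (host, ALB status code, reached a target?)."""
    counts = Counter()
    for line in filter(str.strip, log_text.splitlines()):
        r = parse_alb_line(line)
        counts[(r["host"], r["elb_status"], r["target"] != "-")] += 1
    return counts

def unexpected_hosts(log_text, expected):
    """Hosts received by the ALB that no host-based rule was written for."""
    seen = {parse_alb_line(l)["host"] for l in log_text.splitlines() if l.strip()}
    return seen - set(expected)

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_LOG).items()):
        print(n, key)
    print("not covered by a rule:",
          unexpected_hosts(SAMPLE_LOG, {"blog.mysite.com", "mysite.com"}))
```

If the log holds no entries at all for the window in which the proxied requests were made, the requests never reached the listener, which points at the security group or the connection to the ALB rather than at the host-based rules.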

0 Answers