r/CloudFlare

Configure httpHostHeader and originServerName for new applications

Hi, previously I configured applications in a tunnel. There I could/had to set a custom httpHost Header. This setting is not available any more in the new GUI.

I asked this AI assistent which insisted I had to use the API or use him to set it. I am really astonished that there are now settings available that are not visible in the GUI. Is this true or am I searching at the wrong place?

reddit.com
u/Sumsesum — 10 hours ago
▲ 28 r/CloudFlare+4 crossposts

I got tired of tool websites asking for signups, so I made my own: Would love some brutal feedback

To be honest, I was getting really annoyed every time I needed to do something simple like compress an image or convert a pdf. You google it and immediately get hit with ads, or they want you to make an account just to download your file. Plus, uploading personal stuff to random servers always felt super sketchy to me.

After dealing with this for a while, I just decided to build a massive toolbox for myself. Everything runs completely locally in the browser, so no servers, no signups, and nothing gets uploaded anywhere.

So I put it all together on https://footrue.com If anything feels broken or you think of something I should add, just drop a comment here.

Happy to return the favor and check out your projects too! Thank you!

u/TurbulentFail5486 — 1 day ago

Feedback on my Cloudflare-first stack

Hi everyone,

I'm moving almost my entire SaaS infrastructure onto Cloudflare.

Current setup:

  • Cloudflare Pages
  • Cloudflare Workers
  • Turso
  • WorkOS
  • Resend

The goal is to build a production-ready application while keeping costs at zero during the validation phase.

For people already using Cloudflare in production:

  • What limitations should I know about?
  • Anything that becomes painful at scale?
  • Would you change anything in this architecture?
reddit.com
u/Spirited_Demand_4805 — 22 hours ago

Google showing location as Russia when WARP is enabled

I've noticed anytime WARP is enabled on my computer, Google shows my location is Russia. Anyone have any ideas why this might be? / any cause for concern?

reddit.com
u/Sad_Tangerine5832 — 21 hours ago

CloudFlare R2 Storage - Billing Question

I am thinking to use Cloudflare R2 to store my images and videos that will be embedded in my static webpage. But it requires a payment method even for free tier. What happens if a bot downloads my video million times. Theoretically it means I have to sell my house to pay Cloudflare. Does anyone know how to mitigate such a risk?

reddit.com
u/sharpener865 — 1 day ago
▲ 2 r/CloudFlare+1 crossposts

Best way to restrict AWS/Cloudflare app to specific desktops?

We are building a fee payment application for a school organization.

Stack: DB/Backend on AWS and frontend on Cloudflare.

The challenge: We need to restrict payment work flow used by cashiers to specific systems, while the read fees access should be able to be accessed from anywhere.

The desktops are unmanaged, regular PCs, residing in different branches in different cities. They are all connected via standard consumer ISPs (no static IPs, no company intranet).

As we are already using Cloudflare, is this something that can be achieved with Cloudflare Zero Trust free tier?

I have never worked with this restriction before, SO I am open to any suggestions. And as this is a very low budget project, I'm looking for something that costs as less as possible (Preferably free).

reddit.com
u/Cold_Pressure6992 — 1 day ago
▲ 3 r/CloudFlare+1 crossposts

Cloudflare Verification terminal scam

Hi guys,

I fell for that stupid cloudfare verification thing and I actually pasted the code above into my terminal and it just opened up a small popup from my chrome and then asked me to input my password my presume but just kept inserting the wrong password. Also Terminal asked me if should allow access to my Desktop or Downloads I didn’t allow it.

Do you guys think I’m safe or should I wipe everything?

Any help would be appreciated thanks.

postimg.cc
u/IAmAllPowerful — 1 day ago

I built an open-source social media scheduler on Cloudflare Workers

It deploys in under a minute. No S3/R2 needed.

Supports Bluesky, Discord, LinkedIn, Mastodon, Telegram, TikTok, X, and YouTube.

Runs on Workers + D1, including file storage up to 25 MB via chunking.

Wanted to share it with the community. I'd love feedback. It takes less than 1 minute to deploy and try.

AI use declaration: The frontend was vibe-coded. The backend was not.

reddit.com
u/1e3pm — 1 day ago

Created Cloudflare Account and Transfered Domain, Now Getting Spam Emails

I use email aliases so the email was specifically created and only used for Cloudflare. I created an account yesterday, transfered 3 domains over, and now I'm getting spam Emails for website services from random Gmail accounts.

Is this normal? Extremely aggravating.

reddit.com
u/EN344 — 1 day ago

How the hell is Cloudflare free???!

I've been using cloudflare for a while. Originally it was just for hosting domains and using the basic CDN stuff, but as I am vibecoding more and more I have connected claude to it and keep getting shocked by, not only how good the stuff it can do is, but that it's free.

I have 2 VPSs and 1 normal webhost. I often vibe janky websites and apps - I ask claude what stack / host etc should I host my PWA on and to my surprise it says CF.

I am honestly shocked, you can just host a full PWA on CF, FREE. Sure there are limits but no one can really get anyone to use their vibe apps anway, so exceeding those limits would be fantastic problem to have.

I tried to get claude to explain it to me, but basically it said something along the lines of the enterprise customers are how CF makes it's money, and hosting the small sites that no one uses is unused and leftover anyway. Doesn't really make sense to me, but have to say CF is amazing and I'm certain I'm barely scraping the surface of what it can do.

reddit.com
u/Independent_End_1809 — 2 days ago
▲ 32 r/CloudFlare+10 crossposts

SeekYou, unified host intelligence across 15 sources

SeekYou – unified host intelligence across 15 sources, runs free on Cloudflare.
- Built a tool that takes any IP, domain, or ASN and queries 15 sources in parallel: open ports, CVEs, BGP, RDAP, cert history, passive DNS, 5 threat feeds, exposed buckets, Wayback snapshots — all in one report.
- 4-layer parallel execution (total time ≈ slowest source, not sum of all).
- KV caching per source, circuit breakers, per-IP rate limiting.
- Typed diff engine — get alerted when ports open, CVEs appear, or certs expire on monitored hosts.
- Runs entirely on Cloudflare free tier (~5k lookups/day).
Source: https://github.com/Teycir/SeekYou (https://github.com/Teycir/SeekYou)

u/tcoder7 — 2 days ago

Cloudflare doesn't always get all the credit it deserves!

Aside from the usage VERY generous free tier, today I straight-forward assured myself I don't need a VPS, and my research with latest Cloudflare developments & features landed me on the perfect combination of Cloudflare Mesh + VPC + Workers.

Am already very comfortable with the Workers free tier limits, I use D1, Queues, Browser Run, R2, KV, Observability, Hyperdrive on some other projects where I feared D1 wasn't enough.

Everything stated is all in the Workers free plan, and now the combination of VPC + Mesh + Workers is bringing the total again to just daytime robbing of Cloudflare.

How are they not having more credit than they deserve?????

I understand VPC is BETA and no pricing right now but I think when they pull out of BETA and I find free tier isn't enough, I'd gladly upgrade to cover that.

Don't even start me on vendor lock in topic, we all choose our best options and if Vendor Lockin is your concern then Cloudflare services aren't possibly for you.

reddit.com
u/DevJedis — 2 days ago

I hope to myself every day that CloudFlare just disappears or goes bankrupt.

This is seriously one of the most annoying features I've found on the internet. It completely locks me out of using whatever website it's on, and I genuinely hope they go bankrupt or something along those lines. The adware slop on Youtube or Fandom makes them annoying, but not just flatout unuseable.

reddit.com
u/OurpleOracle — 2 days ago

Does Cloudflare's free plan on worker could handle authentication system for testing? What is it for then if it were for free plan?

So I'm currently trying to deploy my full stack web app into Cloudflare worker. Well, eventually, my authentication system and even data fetching from database doesn't work because it takes CPU time more than 10ms. So I'm just really wondering, has anyone tried to deploy fullstack web app with authentication on Cloudflare worker on free plan? It's impossible right?

What can I actually do with cloudflare worker on free plan that has a crazy maximum cpu time limit of 10ms.

reddit.com
u/Minimum_Painting_335 — 2 days ago

I built a single-file admin panel for D1 — paste one worker.js into the dashboard, no CLI needed

I develop entirely from an Android phone (no laptop), so wrangler was never an option for me. Cloudflare's D1 dashboard works, but browsing data and running quick queries on mobile is painful.

So I built D1 Admin: a single worker.js file, ~420 lines, zero dependencies. Deploy path is literally copy → paste → save in the Cloudflare dashboard, bind your D1 database, set a password. You get a phpMyAdmin-style panel: browse tables, run queries, insert/edit rows. Mobile-first UI, because that's the only way I could use it myself.

A few implementation notes:

- Everything (HTML/CSS/JS included) is embedded in the worker — no external requests, works on the free tier.

- Multi-statement SQL is rejected with string-literal-aware parsing, not a naive semicolon split (WHERE name = 'a;b' works fine).

- Password-gated with timing-safe comparison. It's meant for a single admin user — limitations are in the README.

Repo: https://github.com/amirmahdavi2023/d1-admin

Feedback welcome, especially if you try it on a real database. And if anyone else is stuck with a mobile-only dev setup, happy to compare notes.

u/Past_Ant4099 — 2 days ago

Abusing Cloudflare Trust & Safety - False report takes down website for over 24 hours!

I am running a React + Vite website on workers for an open source project. Unfortunately some haters created a false report which took down my website instantly.

Spent over 24 hours with support trying to figure out what's wrong, until they told me about this report which I found in my Spam folder.

Website: https://mkpool.com/

Protect: https://github.com/Mecanik/mkpool

Purpose: show information, statistics, blog posts.

Why this is extremely concerning

I am running legitimate businesses on several other Cloudflare accounts, fully integrated with Workers, D1, etc. If a false report can take down your website like this, that means your business can be interrupted "just like that", without a reason and without a fast response.

I cannot imagine having one of my businesses down for 24+ hours, especially those with SaaS.

Why am I extremely upset

I've been supporting Cloudflare and it's users for years, with dozens of articles, software and advertising. Personal, Business and even Enterprise users reached out for assistance with many different requests.

If I am being thrown in the gutter "just like that", it means I am of no value to the company, which is very, very sad.

What happens now

Right now I am just waiting on "Cloudflare Trust & Safety" to answer my email and hopefully restore my website. Nothing else I can do, just wait.

I am also seriously re-evaluating every business and project I am hosting on Cloudflare entirely because of this situation. It's extremely concerning and alarms should be raised for anyone relying on Cloudflare entirely.

Thanks

reddit.com
u/Mecanik1337 — 4 days ago