Custom origin server

A custom origin server lets you send traffic from one or more custom hostnames to somewhere besides your default proxy fallback, such as:

• soap.stores.com goes to origin1.com
• towel.stores.com goes to origin2.com

Requirements

To use a custom origin server, you need to meet the following requirements:

• Each custom origin needs to be a valid hostname with a proxied (orange-clouded) A, AAAA, or CNAME record in your account's DNS. You cannot use an IP address.
• The DNS record for the custom origin server does not currently support wildcard values.

Use a custom origin

To use a custom origin, select that option when creating a new custom hostname in the dashboard or include the "custom_origin_server": your_custom_origin_server parameter when using the API POST command.

Cloud provider origins (Azure, AWS, GCP)

When using a cloud provider endpoint as a custom origin (for example, Azure App Service, AWS ALB, or GCP Cloud Run), the provider may reject requests with a 404 or 400 error if the Host header does not match a domain configured on that endpoint.

By default, Cloudflare sends the original custom hostname as the Host header. If your cloud provider expects a different hostname:

1. Configure the cloud provider to accept the custom hostname as a valid domain, or
2. Use an Origin Rule to override the Host header to match the hostname your cloud provider expects.

Note

This is a common issue with Azure App Service, where the platform returns a default parking page (404) when the incoming Host header does not match any configured custom domain.

SNI rewrites

Note

Only certain customers have access to this feature. For more details, see the Plans page.

When Cloudflare establishes a connection to your default origin server, the Host header and SNI will both be the value of the original custom hostname.

However, if you configure that custom hostname with a custom origin, the value of the SNI will be that of the custom origin and the Host header will be the original custom hostname. Since these values will not match, you will not be able to use the Full (strict) on your origins.

To solve this problem, you can contact your account team to request an entitlement for SNI rewrites.

SNI rewrite options

Choose how your custom hostname populates the SNI value with SNI rewrites:

• Origin server name (default): Set SNI to the custom origin

  • If custom origin is custom-origin.example.com, then the SNI is custom-origin.example.com.

• Host header: Set SNI to the host header (or a host header override)

  • If wildcards are not enabled and the hostname is example.com, then the SNI is example.com.
  • If wildcards are enabled, the hostname is example.com, and a request comes to www.example.com, then the SNI is www.example.com.

• Subdomain of zone: Choose what to set as the SNI value (custom hostname or any subdomain)

  • If wildcards are not enabled and a request comes to example.com, choose whether to set the SNI as example.com or www.example.com.
  • If wildcards are enabled, you set the SNI to example.com, and a request comes to www.example.com, then the SNI is example.com.

Important

• Currently, SNI Rewrite is not supported for wildcard custom hostnames. Subdomains covered by a wildcard custom hostname send the custom origin server name as the SNI value.

• In the O2O context (when requests are originating from a proxied hostname on a zone also on Cloudflare), changing the SNI value to use host header is currently not supported.

• SNI overrides defined in an Origin Rule will take precedence over SNI rewrites.

• SNI Rewrite usage is subject to the Service-Specific Terms ↗.

Set an SNI rewrite

To set an SNI rewrite in the dashboard, choose your preferred option from Origin SNI value when creating a custom hostname.

To set an SNI rewrite via the API, set the custom_origin_sni parameter when creating a custom hostname:

• Custom origin name (default): Applies if you do not set the parameter
• Host header: Specify ":request_host_header:"
• Subdomain of zone: Set to "example.com" or another subdomain of the custom hostname