This is a guide on how to test whether Cloudflare is running live for your website, including creating a HAR file and finding the Ray ID to help troubleshoot issues with Cloudflare Support.
How to test if Cloudflare is running live for your website
1. How to test if Cloudflare is running live
What you and your team should know
Vu Long Tran, Customer Success
2. What we’ll cover:
How-To Better Integrate with Cloudflare
Step 1 - Local Testing
Step 2 - Subdomain Testing - Internet Wide
How do I know Cloudflare is active on my site?
Troubleshooting/ Validating Cloudflare
Common Troubleshooting Commands
4. How do I know Cloudflare is active on my site?
Response:
An easy way to confirm Cloudflare is active and resolving your site is to run a DNS lookup with a
command like dig or nslookup. Here is an example command you can run:
dig vulongtran.com +trace
You can also use a third party site to check the site’s DNS like https://www.whatsmydns.net/
If Cloudflare is active, the site should resolve from Cloudflare IPs as a result of activation and
using its services.
<Provide output of dig command here to show the customer if the site is resolving from CF
IPs>
5. Cloudflare Trace
Verify a site is running through Cloudflare. You can choose to run Cloudflare trace in your web browser, eg. for vulongtran.com (replace this with your domain name):
www.vulongtran.com/cdn-cgi/trace
Response example you should see (if it is running on Cloudflare):
fl=35f98
h=www.vulongtran.com
ip=2406:3000:11:1022:292e:8f4c:eabe:8684
ts=1490256258.534
visit_scheme=http
uag=Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
colo=SIN
spdy=off
http=http/1.1
loc=SG
support@cloudflare.com
6. Claire - Cloudflare Plugin for Chrome
You can also use a Chrome extension called Claire to quickly verify whether a site is using Cloudflare.
Grey cloud sites are not utilizing our services and orange cloud sites are utilizing Cloudflare.
11. How to test if it is working locally
STEP 1 - Local Testing
STEP 2 - Subdomain Testing - Internet Wide
12. Overview - Routing through Cloudflare requires a DNS settings change
There are two ways to connect to Cloudflare:
Full
Cloudflare’s robust, global and fast DNS becomes your authoritative DNS provider.
Pros:
● Cloudflare accelerates & protects your apex (root) domain along with subdomains
● Leverages Cloudflare’s network for DNS which is very fast, highly available, and resilient to DNS based attacks.
Cons:
● Changing the authoritative provider is not always possible for organizations.
CNAME
You keep your primary DNS provider and link individual subdomains to Cloudflare.
Pros:
● Involves small change and allows only subdomains to be sent through Cloudflare
Cons:
● We cannot protect your apex (root) domain
● An attacker may overwhelm your authoritative DNS provider which will cause all DNS functions to fail including the CNAME to Cloudflare
13. STEP 1 - Local Testing
How to test if it is working locally
14. How-To test locally using your Hosts file
1. Open your Hosts file
a. Windows 8 (As Admin): C:\Windows\System32\Drivers\etc\hosts
b. OSX: /private/etc/hosts
2. Put in a valid Cloudflare IP address assigned for your domain/subdomain
3. You may need to flush the OS DNS cache
a. Windows: ipconfig /flushdns
b. OSX: How to Flush OSX DNS
4. You may need to flush the browser DNS cache:
a. Chrome: In Chrome URL bar type: chrome://net-internals/#dns
b. Safari: From Safari Menu Select: Safari > Empty Cache.
5. Check CF-RAY response header as described on slides above
Example Hosts file:
##
# Host Database
##
127.0.0.1 localhost
...
198.41.209.86 example.com
198.41.209.86 www.example.com
198.41.209.86 secure.example.com
Cloudflare IP addresses:
The Cloudflare IP address must be valid for the domain/zone being tested. They can be found by testing the DNS resolution for any orange-clouded DNS record in the domain, or by a Cloudflare employee.
15. How-To test locally using your Hosts file
1. Find the Cloudflare IPs assigned to your domain
This requires a DNS lookup on an orange clouded subdomain.
*(If you don’t have an orange clouded subdomain you can create a test subdomain, eg. test.vulongtran.com, which can be orange clouded)
Run the following command:
for Mac: dig www.vulongtran.com.cdn.cloudflare.net
for Windows: nslookup www.vulongtran.com.cdn.cloudflare.net
Example of response:
;; ANSWER SECTION:
www.vulongtran.com.cdn.cloudflare.net. 300 IN A 104.28.18.100
www.vulongtran.com.cdn.cloudflare.net. 300 IN A 104.28.19.100
2. Put one of the Cloudflare IPs from the response above for your domain/subdomain into your Hosts file and save it
3. Flush the OS DNS cache and flush the browser DNS cache
4. Check the CF-RAY response header as described in slides above
16. STEP 2 - Subdomain Testing - Internet Wide
How to test if it is working locally
17. Adding Subdomain - Internet Wide
1. Enable Cloudflare (orange clouded) for one of the testing subdomains in order to perform internet wide testing, eg. test.vulongtran.com
2. Route public DNS queries for the subdomain to Cloudflare in one of the two ways below:
a. If using a 3rd party as Authoritative DNS, then create a CNAME record which points to Cloudflare: eg. test.vulongtran.com CNAME to test.vulongtran.com.cdn.cloudflare.net
b. If using Cloudflare as Authoritative DNS, then orange cloud the subdomain record, eg. test.example.com
3. Check the CF-RAY response header as described in slides above
Before performing this test, make sure any Local testing configuration is cleared out.
19. How-To Better Integrate with Cloudflare
Whitelist Cloudflare IPs to ensure your firewalls are not blocking our services
20. Preparing your network
● Configure firewalls to prevent access to your servers, load balancers, and other infrastructure from non-Cloudflare IP addresses
This means whitelisting Cloudflare IPs in your Access Control List to prevent rate-limiting or false positives from any intrusion detection systems.
● Prevents attackers from recording/recognizing the “fingerprints” of your hardware when probing your IPs
Restoring original user IP addresses
● HTTP requests will be coming from Cloudflare, instead of the actual users. Cloudflare adds “CF-Connecting-IP” and standard “X-Forwarded-For” headers to all requests
● Nginx, Apache, and IIS configs to switch the logged IP are available.
● You can find out how to easily restore the originating IP address here!
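The two points above depend on each other: CF-Connecting-IP is only meaningful when the connection really came from Cloudflare. The following is an added example, not part of the original slides, of an origin-side check that restores the visitor IP only for Cloudflare peers. The range list is a snapshot subset and the function names and sample requests are assumptions made for illustration.

```python
import ipaddress

# Snapshot subset of Cloudflare's published IPv4 ranges (assumption: production
# code loads the full current list from https://www.cloudflare.com/ips/).
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
)]


def is_cloudflare_peer(peer_ip):
    """True when the TCP peer address falls inside a listed Cloudflare range."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in CLOUDFLARE_NETS)


def client_ip(peer_ip, headers):
    """Return (ip_to_log, source) for one request.

    CF-Connecting-IP is honoured only when the TCP peer is a Cloudflare
    address, because a client that reaches the origin directly can send
    any header value it likes.
    """
    hdrs = {name.lower(): value for name, value in headers.items()}
    claimed = hdrs.get("cf-connecting-ip")
    if claimed and is_cloudflare_peer(peer_ip):
        try:
            return str(ipaddress.ip_address(claimed.strip())), "cf-connecting-ip"
        except ValueError:
            pass  # malformed header value: fall back to the peer address
    return peer_ip, "peer"


# Constructed requests: (TCP peer address, request headers).
VIA_EDGE = ("198.41.209.86", {"CF-Connecting-IP": "203.0.113.7",
                              "X-Forwarded-For": "203.0.113.7"})
DIRECT_SPOOF = ("203.0.113.50", {"CF-Connecting-IP": "192.0.2.1"})
MALFORMED = ("198.41.209.86", {"cf-connecting-ip": "not-an-ip"})

if __name__ == "__main__":
    for peer, hdrs in (VIA_EDGE, DIRECT_SPOOF, MALFORMED):
        print(peer, "->", client_ip(peer, hdrs))
```

With the firewall rule from the first bullet in place, the "peer" fallback should only ever appear for health checks or internal traffic, so it is worth alerting on.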
22. Cloudflare Custom Headers
Cloudflare provides custom headers and cookies for debugging, visitor information and improved security.
Header | How we use it | Example value
CF-Ray | This Cloudflare specific header is a unique identifier for every request passing through Cloudflare and is used primarily for debugging. | 13b9eb04dff503dc-DFW
CF-IPCountry | The standard identifying header for the originating protocol of an HTTP request. Cloudflare may communicate with a web server using HTTP even if the request to the reverse proxy is HTTPS. | US
Cookie | How we use it | Example value
cfduid | This cookie is used by Cloudflare to apply security decisions to users that may share the same IP address (such as in a coffee shop). It does not correspond to any user id, nor does the cookie store any personally identifiable information. | d88dfb702206c23269780….115252
23. Cloudflare Custom Headers
Cloudflare adds host headers to supplement the redirect standards. You may also need to restore the originating IPs. (Here’s How)
Header | How we use it | Example value
X-Forwarded-For | The standard identifying header for the originating IP address of a client connecting through an HTTP proxy. | 173.245.57.22
X-Forwarded-Proto | The standard identifying header for the originating protocol of an HTTP request. Cloudflare may communicate with a web server using HTTP even if the request to the reverse proxy is HTTPS. | https
CF-Connecting-IP | This Cloudflare specific header is also used for identifying the originating IP address of a client connecting to your web server through Cloudflare. | 173.245.57.22
CF-Visitor | This Cloudflare specific header is also used for identifying the originating protocol of an HTTP Request. | {"scheme":"https"}
24. How to test locally with a Hosts file
1. Open your Hosts file
a. Windows 8 (As Admin): C:\Windows\System32\Drivers\etc\hosts
b. OSX: /private/etc/hosts
2. Put in a valid Cloudflare IP address for your domain or subdomain
3. You may need to flush the OS DNS cache
a. Windows: ipconfig /flushdns
b. OSX: How to Flush OSX DNS
4. You may need to flush the browser DNS cache:
a. Chrome: In Chrome URL bar type: chrome://net-internals/#dns
b. Safari: From Safari Menu Select: Safari > Empty Cache.
5. Use curl to confirm Cloudflare headers and traversal
a. curl -s -D - www.example.com -o /dev/null
6. Visit your website to confirm using your browser.
Example Hosts file:
##
# Host Database
##
127.0.0.1 localhost
...
198.41.209.86 example.com
198.41.209.86 www.example.com
198.41.209.86
Cloudflare IP addresses:
The Cloudflare IP address must be valid for the domain/zone being tested. They can be found by testing the DNS resolution for any orange-clouded DNS record in the domain, or by a Cloudflare employee.
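One way to read the result of the curl step above, as an added example that is not part of the original slides: it parses a header dump in the shape curl -s -D - prints and reports whether the final response carries a CF-RAY header. The sample dumps are constructed, and the CF-RAY pattern (hex ID, hyphen, data-center code) is an assumption based on the example value 13b9eb04dff503dc-DFW.

```python
import re

# Constructed header dumps in the shape `curl -s -D - URL -o /dev/null` prints.
VIA_CLOUDFLARE = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Location: https://www.example.com/\r\n"
    "CF-RAY: 13b9eb04dff503db-DFW\r\n"
    "\r\n"
    "HTTP/2 200\r\n"
    "server: cloudflare\r\n"
    "cf-ray: 13b9eb04dff503dc-DFW\r\n"
    "\r\n"
)
DIRECT_TO_ORIGIN = "HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html\r\n\r\n"

# Assumed CF-RAY shape, taken from the example value: hex id, "-", colo code.
RAY_RE = re.compile(r"^([0-9a-f]+)-([A-Z]+)$")


def last_response(raw):
    """Return (status, headers) of the final response; a -L dump holds several."""
    blocks = [b for b in re.split(r"\r?\n\r?\n", raw.strip()) if b.startswith("HTTP/")]
    if not blocks:
        raise ValueError("no HTTP response in input")
    lines = blocks[-1].splitlines()
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()  # names are case-insensitive
    return int(lines[0].split()[1]), headers


def cloudflare_check(raw):
    """Report whether the final response traversed Cloudflare, judged by CF-RAY."""
    status, headers = last_response(raw)
    match = RAY_RE.match(headers.get("cf-ray", ""))
    return {
        "status": status,
        "via_cloudflare": match is not None,
        "cf_ray": match.group(0) if match else None,
        "colo": match.group(2) if match else None,
    }


if __name__ == "__main__":
    print(cloudflare_check(VIA_CLOUDFLARE))
    print(cloudflare_check(DIRECT_TO_ORIGIN))
```

The colo value can be compared with the colo= line of /cdn-cgi/trace fetched from the same machine.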
25. How to test with basic commands
Unix command line tools
curl for HTTP:
$ curl -vso /dev/null https://www.vulongtran.com
dig for DNS:
$ dig www.vulongtran.com
$ dig +short TXT vulongtran.com
"123456789-1234567"
traceroute for network:
$ traceroute cloudflare.com
Cloudflare CDN-CGI Trace:
Provides additional request information.
http://www.vulongtran.com/cdn-cgi/trace
fl=4f50
h=vulongtran.com
ip=2400:cb00:f00d:5ca1:5de6:39e9:e420:57e3
ts=1418940964.884
visit_scheme=http
uag=Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
colo=SJC
spdy=off
Chrome Developer Tools:
https://developer.chrome.com/devtools
Chrome extension HTTP Headers:
https://chrome.google.com/webstore/search-extensions/http%20headers
27. No traffic is on Cloudflare
What happened:
CNAME: Traffic may be routing to a root domain or other A record
Full Domain: Customer has not turned Cloudflare on for the subdomain
What can you do:
CNAME: For root domains add a redirect to www on your origin server; for all other A records – change to a CNAME
Full Domain: Make sure the cloud is toggled to orange (not grey)
Test the subdomain by running a ‘nslookup’ in Windows or ‘dig’ in Linux/Mac
28. Not seeing traffic through Cloudflare
What happened:
Full Domain: Name servers have not been propagated yet to Cloudflare name servers
What can you do:
Full Domain: Wait until Name Servers are propagated. A standard DNS propagation takes 24 - 48 hrs
Use www.whatsmydns.net in order to check propagation around the world
Contact Cloudflare Support at support.cloudflare.com
29. Common Cloudflare error messages
Cloudflare Support > Knowledge Base > Cloudflare Error Messages
Error Code | Reason
1001 | DNS Resolution Error: Either the customer recently signed up and DNS has not yet propagated, or whoever is managing the DNS has a failure
521 | Origin web server refused connection from Cloudflare. Either origin web server is not running, or something is blocking Cloudflare IP addresses
522 | Connection timeout to the origin server (30 second default). Cloudflare IPs may be rate limited, web server may be consuming all resources (shared server), or there may be network connectivity issues between web server and Cloudflare
523 | Origin server is unreachable. Make certain that the origin IP address for the A record is the same as in the Cloudflare DNS Settings page
524 | Cloudflare could make TCP connection but did not receive response from the web server. Long running application or database query is interfering
30. Information Gathering and Escalation
When reporting any errors or questions that require escalation to support@cloudflare.com,
the most helpful pieces of information to provide to Cloudflare are:
• RayID [All 52x Errors]
• URI requested [All 52x Errors and Performance]
• Traceroute/MTR from impacted location/machine [Network/Performance, 521, 522, and
523 errors]
• HAR File (HTTP Archive File) [520 and 524 errors]
• Test Links from http://webpagetest.org/ [Performance]
Please be sure to include the above information to avoid repeated communication and
secure the quickest resolution time possible.
32. Common Troubleshooting Commands
• Command Line Interface (CLI) commands to use:
• dig (DNS Tool)
• cURL (HTTP Tool)
• MTR/Traceroute (Network Tool)
• HTTP Archive Files (HAR)
• Web Page Performance Test Sites:
• Web Page Test
33. Using DIG (Domain Information Groper)
dig is a command line tool similar to nslookup that is used to run DNS queries and
check DNS records for a given domain/website.
The schema of this command is: dig <recordtype> <domainname> <options>
Here are example commands that can be used to lookup the DNS information of a
given website:
dig example.com
dig example.com +trace
dig NS example.com
35. Using cURL
cURL is a command line tool used to transmit data using URL syntax. Specifically with Cloudflare Support, this command is used to make HTTP requests and compare server responses.
The schema for this command is: curl -option1 -option2 http://www.vulongtran.com/url
Here are some example cURL commands used to check server responses:
curl -svo /dev/null http://www.vulongtran.com/
curl -svo /dev/null --user-agent "USERAGENTSTRING" http://www.vulongtran.com/
curl -svo /dev/null --header "Host: www.vulongtran.com" http://ORIGINIP/
curl -svo /dev/null http://www.vulongtran.com/ --resolve www.vulongtran.com:80:ORIGINIP
More detailed instructions here: Using cURL with Cloudflare
37. Using MTR/Traceroute
MTR/Traceroutes are network based command line tools used to
measure performance/latency on a particular path to a given
host/destination.
Here are examples of both commands:
mtr -rwc 30 IPADDRESS/HOSTNAME
traceroute IPADDRESS/HOSTNAME
39. Generating a HAR File
A HAR file is a recording of HTTP requests run from a web browser. Here is an example of a recording being done from within Chrome’s dev tools:
Instructions can be found on Cloudflare’s KB: How do I generate a HAR File?
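A HAR recording holds every request and response header, including cookies and Authorization values, so it helps to pull out the details Support asks for and blank the credentials before sending it. The following is an added example, not part of the original slides: it lists the status, URI and CF-RAY of each 52x response and produces a redacted copy. The sample HAR is constructed and the function names are assumptions.

```python
import copy

SENSITIVE = {"cookie", "set-cookie", "authorization"}

# Constructed HAR, trimmed to the fields used below (all values are made up).
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"method": "GET", "url": "http://www.example.com/",
                 "headers": [{"name": "Cookie", "value": "session=abc123"}],
                 "cookies": [{"name": "session", "value": "abc123"}]},
     "response": {"status": 200, "cookies": [],
                  "headers": [{"name": "CF-RAY", "value": "1111111111111111-SIN"}]}},
    {"request": {"method": "GET", "url": "http://www.example.com/report",
                 "headers": [{"name": "Authorization", "value": "Bearer made-up"}],
                 "cookies": []},
     "response": {"status": 524, "cookies": [],
                  "headers": [{"name": "cf-ray", "value": "2222222222222222-SIN"}]}},
]}}


def header(headers, name):
    """Case-insensitive lookup in a HAR header list; None when absent."""
    for h in headers:
        if h["name"].lower() == name:
            return h["value"]
    return None


def cloudflare_errors(har):
    """List (status, uri, cf_ray) for every 52x response in the recording."""
    rows = []
    for entry in har["log"]["entries"]:
        resp = entry["response"]
        if 520 <= resp["status"] <= 529:
            rows.append((resp["status"], entry["request"]["url"],
                         header(resp["headers"], "cf-ray")))
    return rows


def redact(har):
    """Return a copy with credential-bearing headers and cookies blanked."""
    out = copy.deepcopy(har)
    for entry in out["log"]["entries"]:
        for side in (entry["request"], entry["response"]):
            for h in side.get("headers", []):
                if h["name"].lower() in SENSITIVE:
                    h["value"] = "REDACTED"
            side["cookies"] = []
    return out
```

For a real recording, load the file with json.load and pass the result to both functions; query strings and POST bodies can also hold secrets and are not touched here.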
40. Getting more involved with Cloudflare
• Blog: Continual updates on the Company, product features, and
service/industry news.
• Knowledge Base: Collection of Support, technical, and reference
articles on Cloudflare’s service suite.
• Status Page: Live feed of any ongoing events on Cloudflare’s
network/services.
• Community: A place for Cloudflare users to engage with each
other and with Cloudflare staff.