timerring

The principle of Cloudflare SaaS Optimization

June 4, 2025 · 5 min read
Tutorial
Cloudflare | DNS | CDN | Network

The SaaS process of Cloudflare


In the common situation, when you use Cloudflare to resolve your domain name and turn on the Cloudflare proxy (the yellow cloud icon), Cloudflare will probably put your domain's resources into its CDN. That can be a good thing, but as we know, the network in the mainland has some special rules, so for free-tier users access to resources in the CDN can be worse, and connections may even be reset. That means that if the user connects to a node with high latency, the request will have a worse experience. So this article introduces some methods to help your resources be served from the Cloudflare nodes that are optimized for the mainland.

Why SaaS?

Whenever I use a tool, I always ask myself why we use it. To answer that, you should first know more about the normal process.

Common DNS resolution

The most common process is basic DNS resolution (if you are not familiar with DNS, you can read my blog A Brief Introduction to DNS[1]). You buy a server with a public IP address (e.g. 1.1.1.1) and deploy some services (e.g. a blog) on it. Then you can visit 1.1.1.1:8080 to reach the server. An IP address is hard to memorize, so normally we buy a domain and add an A record (for IPv4) at the DNS server (every ISP has its own DNS servers, identified by the Name Server (NS) records). Now we can visit blog.timerring.com to reach the server, and we can ping blog.timerring.com to check that the server IP is 1.1.1.1.

Using Cloudflare proxy

After a while, we found that there is a company called Cloudflare which provides free HTTPS certificates, CDN acceleration, and hides the server IP… basically for free, that's crazy! So we can use Cloudflare to resolve the domain name: we change the name servers to Cloudflare's and, most importantly, turn on the Cloudflare proxy (the yellow cloud icon).

Then we can ping the domain blog.timerring.com and see that the IP has changed to 172.xx.xxx.xx. The request path is now:

blog.timerring.com -> 172.xx.xxx.xx(Cloudflare) -> 1.1.1.1

Here 172.xx.xxx.xx is the IP of one of the Cloudflare CDN nodes, i.e. the IP of the Cloudflare proxy. You can check my practice blog The Practice of Resolving Domain[2] for more details.

Using Cloudflare for SaaS Optimization

The flowchart of SaaS

The original intention of Cloudflare for SaaS is to route requests for different domains (not hosted by Cloudflare) to the CDN nodes and then forward them to the origin server.

Imagine this scenario: on some special days, for some reason, you visit blog.timerring.com and find that the blog is not available, and you can't reach 172.xx.xxx.xx via ping either; the IP is blocked. So what should we do?

Well, we heard that visa.cn is also using Cloudflare, that it can be accessed all the time, and that its access speed is much faster than mine. So can we borrow the IP assigned to visa.cn to reach Cloudflare, and then let Cloudflare reach my server? The answer is yes. There are 2 problems to solve:

  1. When I visit blog.timerring.com, I need to borrow the IP assigned to visa.cn to connect to Cloudflare.
  2. After I connect, Cloudflare has to know who I am, which server is mine, and that it should forward my request to that server.

Now for the solution:

  1. For the first problem, we can use a DNS CNAME record: blog.timerring.com -> visa.cn. If we visit the site at this point, we get error 1016.
  2. For the second problem, we can use SaaS.
    The SaaS of Cloudflare
    From the image, you may be curious about:
    1. How does the Cloudflare CDN know where my server is?
      • That is the fallback origin: Cloudflare will forward the request to the fallback origin if the request is not available in the CDN.
    2. How does Cloudflare know that domains such as www.custom1.com, shop.domain.com… are my domains, and forward their requests to my server?
      • That is the custom hostnames: Cloudflare will forward any request that matches a custom hostname to your fallback origin.

The principle of SaaS

Now we know the principle of SaaS. It can be split into four steps:

  1. Use another domain, such as fallback.com, that is hosted by Cloudflare and connects to the Cloudflare CDN.
  2. Add an A record, e.g. cdn.fallback.com, pointing to your server IP (e.g. 1.1.1.1), and use cdn.fallback.com as your fallback origin.
  3. Add your own domain (which is hosted by another ISP), e.g. blog.timerring.com, to the Cloudflare custom hostnames.
  4. Finally, point blog.timerring.com with a CNAME record to the optimized domain (e.g. visa.cn) OR with an A record to the optimized IP.

The core concept: the fallback origin has to connect to the Cloudflare CDN, which means it has to be hosted by Cloudflare and also use the Cloudflare proxy.

Questions you may have

Are you curious why we need 2 domains, one hosted by Cloudflare and one by another ISP?

If you use only one domain, its subdomains (blog.timerring.com and cdn.timerring.com) are both hosted by Cloudflare. When blog.timerring.com has a CNAME record to visa.cn, and visa.cn is also in the Cloudflare CDN, your request will be sent to visa directly, so you will encounter error 1016.

So you need to host your domain blog.timerring.com on another ISP. There is even a success case[3], but when I tried, it did not work.

Configure Cloudflare for SaaS

Here we can use the fallback origin in Cloudflare (the so-called SaaS) to implement the optimized nodes and DDNS.

For example, here we use 2 domains:

  • fallback.com, which uses Cloudflare resolution and serves as the fallback origin.
  • mysite.com, which uses another resolution provider and is the domain we want to optimize.

Step 1: Configuration

Then we configure according to the docs[4]. For example, use cdn.fallback.com as the fallback origin, pointing to your server.

Step 2: Add custom hostnames, then verify (example[5])

Here we add test.mysite.com to the custom hostnames in Cloudflare via Cloudflare SSL/TLS, then verify it. Then we go back to the platform that hosts this domain and add a CNAME to cdn.fallback.com.

Step 3: Search for the optimized IP

Here I use the open-source project CloudflareSpeedTest[6] to test and select the optimized IP. If you don't want to select the IP manually, you can instead change the CNAME from Step 2 to a domain that has already selected the IPs, e.g. wetest[7].
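An added example (not from the original post or from CloudflareSpeedTest): because a speed-test result or a borrowed CNAME target decides which IP your visitors connect to, check each candidate against Cloudflare's published IPv4 ranges, then confirm that it presents a valid certificate for your custom hostname, which is the hostname-based routing the four-step principle above relies on. The range list is copied from https://www.cloudflare.com/ips-v4 and may go stale; the candidate IPs are constructed samples, and `is_cloudflare_ip`, `triage` and `serves_hostname` are names chosen here.

```python
import ipaddress
import socket
import ssl

# Cloudflare's published IPv4 ranges (https://www.cloudflare.com/ips-v4).
# Assumption: copied by hand, so refresh from that URL before relying on it.
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]


def is_cloudflare_ip(ip):
    """True only if ip is a valid IPv4 address inside a published range."""
    try:
        addr = ipaddress.IPv4Address(ip)
    except ipaddress.AddressValueError:
        return False
    return any(addr in net for net in CLOUDFLARE_V4)


def triage(candidates):
    """Split candidate IPs into (accepted, rejected), preserving order."""
    accepted = [ip for ip in candidates if is_cloudflare_ip(ip)]
    rejected = [ip for ip in candidates if not is_cloudflare_ip(ip)]
    return accepted, rejected


def serves_hostname(ip, hostname, timeout=5.0):
    """Connect to ip:443 with hostname as SNI; True if the certificate
    chain and name verify for that hostname."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    try:
        with socket.create_connection((ip, 443), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname):
                return True
    except OSError:  # covers timeouts, resets and ssl.SSLError
        return False


if __name__ == "__main__":
    # Constructed sample list, e.g. pasted from a speed-test result.
    sample = ["172.64.32.10", "104.16.1.1", "203.0.113.10", "not-an-ip"]
    ok, bad = triage(sample)
    print("accepted:", ok)
    print("rejected:", bad)
    # Network check (needs connectivity), hostname from Step 2:
    # print(serves_hostname(ok[0], "test.mysite.com"))
```

Only put an IP into the A record if it passes both checks; a certificate failure in `serves_hostname` means that address is not serving your custom hostname.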

