You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I wanted to make sure readers would not overlook this "Hostname priority" section, hence I removed (Cloudflare for SaaS) because it gives a false impression it's not needed to read it for a standard customer. In the end, it's very often the case that, somewhere, a customer have a hostname covered by Cloudflare for SaaS, but customer isn't aware of it.
Copy file name to clipboardExpand all lines: src/content/docs/ssl/reference/certificate-and-hostname-priority.mdx
+6-6Lines changed: 6 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -57,21 +57,21 @@ Cloudflare uses the following order to determine the certificate and settings us
57
57
58
58
***
59
59
60
-
## Hostname priority (Cloudflare for SaaS)
60
+
## Hostname priority
61
61
62
-
When multiple proxied DNS records exist for a zone — usually with Cloudflare for SaaS — only one record can control the zone settings and associated origin server.
62
+
When multiple proxied DNS records exist for a hostname, in multiple zones — usually due to Cloudflare for SaaS — only one record will control the zone settings and associated origin server.
63
63
64
-
Cloudflare determines this priority in the following order (assuming each record exists and is proxied (orange-clouded)):
64
+
Cloudflare determines this priority in the following order, assuming each record exists and is proxied (orange-clouded):
65
65
66
66
1.**Exact hostname match**:
67
67
68
68
1.[New custom hostname](/cloudflare-for-platforms/cloudflare-for-saas/start/getting-started/) (belonging to a SaaS provider)
69
69
2.[Legacy custom hostname](/cloudflare-for-platforms/cloudflare-for-saas/reference/versioning/) (belonging to a SaaS provider)
70
-
3.[DNS](/dns/manage-dns-records/reference/proxied-dns-records/) (Belonging to the logical DNS zone)
70
+
3.[DNS](/dns/manage-dns-records/reference/proxied-dns-records/) (belonging to the logical DNS zone)
71
71
72
72
2.**Wildcard hostname match**:
73
73
74
-
1. DNS (Belonging to the logical DNS zone)
74
+
1. DNS (belonging to the logical DNS zone)
75
75
2. New custom hostname (belonging to a SaaS provider)
76
76
77
77
If a hostname resource record is not proxied (gray-clouded) for a zone on Cloudflare, that zone's settings are not applied and any settings configured at the associated origin are applied instead. This origin could be another zone on Cloudflare or any other server.
@@ -90,6 +90,6 @@ Customer1 uses Cloudflare as authoritative DNS for the zone `shop.example.com`.
90
90
91
91
A customer has a [proxied](/dns/manage-dns-records/reference/proxied-dns-records/) DNS record for their domain. The customer's zone on Cloudflare is using a Free plan.
92
92
93
-
This customer is also using a SaaS provider that utilizes Cloudflare for SaaS. The SaaS provider is using a Cloudflare Enterprise plan.
93
+
This customer is also using a SaaS provider that uses Cloudflare for SaaS. The SaaS provider is using a Cloudflare Enterprise plan.
94
94
95
95
If the provider is using a wildcard custom hostname, then the original customer's plan limits will take precedence over the provider's plan limits (Cloudflare will treat the zone as a Free zone). To apply the Enterprise limits through Cloudflare for SaaS, the original customer's zone would need to either use a [DNS-only](/dns/manage-dns-records/reference/proxied-dns-records/) record or the SaaS provider would need to use an exact hostname match.
0 commit comments