Introduction

A Cloudflare migration can move traffic toward the new backend while the old origin still stays eligible because the health monitor keeps reporting it as healthy. The load balancer setup may look mostly right, but one monitor is still satisfied by the legacy endpoint, so Cloudflare continues to treat the old server as a valid destination.

Treat this as a monitor-validation problem instead of only a pool-membership problem. Start by checking what the Cloudflare monitor actually tests and what response it expects, because an old origin can pass a loose monitor long after it should have been removed from service.

Symptoms

  • Cloudflare still considers the old origin healthy after migration
  • Part of the traffic remains eligible to hit legacy infrastructure
  • Load balancer pools appear updated, but the old backend is not draining out
  • Health checks succeed on the old server even after cutover
  • Responses remain inconsistent across repeated requests
  • The issue started after backend migration, origin replacement, or load-balancer cleanup

Common Causes

  • The monitor still targets a path that returns success on the old server
  • Expected response settings are too broad, so the legacy endpoint still passes
  • The old origin still serves a healthy-looking default response
  • Monitor updates were missed even though pool members changed
  • A fallback or regional pool still relies on the same health monitor logic
  • Migration cleanup removed traffic weights but left the old health-check criteria intact

Step-by-Step Fix

  1. Identify the Cloudflare monitor attached to the affected pool and review the exact host, path, method, and expected response it uses, because you need to know what test is keeping the old origin eligible.
  2. Check whether the old server still answers that monitor path with a success status, because a generic health endpoint can remain healthy even when the origin should no longer serve production traffic.
  3. Compare the monitor result on the new and old origins directly, because matching successful responses often explain why Cloudflare continues to treat both as valid backends.
  4. Tighten the monitor target, host header, or expected response so it reflects the intended new environment, because a loose health check can keep validating the wrong server after migration.
  5. Review any fallback or regional pool that shares the same monitor, because correcting only the primary pool still leaves the old origin eligible if another pool uses the old health-check logic.
  6. Remove or isolate the old origin once the monitor accurately distinguishes the new backend, because monitor cleanup and pool cleanup need to happen together.
  7. Retest repeated Cloudflare-routed requests after the monitor change, because inconsistent responses are often the first sign that the old server is no longer eligible.
  8. Confirm the old origin stops receiving health-check and production traffic in its logs, because the Cloudflare dashboard should match what the backend actually sees.
  9. Document the final monitor path, expected response, and pool relationship after recovery, because health-check logic is easy to forget during future origin migrations.