Introduction

Cloudflare's proxy feature (the orange cloud icon) routes traffic through Cloudflare's edge network, providing CDN acceleration, DDoS protection, WAF, and SSL termination. When proxy is disabled (grey cloud, DNS-only), traffic goes directly to your origin server, bypassing all Cloudflare features. Many "Cloudflare not working" issues stem from accidentally disabled proxy status on DNS records, or misunderstanding which records should be proxied.

Symptoms

  • DNS resolves directly to origin IP instead of Cloudflare IP
  • Cloudflare features (WAF, CDN, DDoS) not active
  • SSL shows origin certificate instead of Cloudflare certificate
  • No Cloudflare Ray ID in response headers
  • Site slower than expected (no CDN acceleration)
  • Direct access to origin IP possible from internet
  • Cloudflare dashboard shows traffic but analytics empty

Common Causes

  • DNS record proxy status set to DNS-only (grey cloud)
  • Only specific records proxied, missing key endpoints
  • Proxy status changed accidentally during DNS update
  • Subdomain records not proxied while main domain is
  • Mail/MX records incorrectly proxied (should never proxy)
  • DNS-only records exposing origin IP
  • Cloudflare nameservers not delegated at registrar

Step-by-Step Fix

  1. Check DNS record proxy status:

Navigate to: Cloudflare Dashboard > DNS > Records

```
# Look at proxy status column:
# Orange cloud = Proxied (traffic through Cloudflare)
# Grey cloud = DNS only (direct to origin)

# Key records to proxy:
# - Main domain A/AAAA record
# - www subdomain A/AAAA record
# - API subdomain if using Cloudflare features
# - Any subdomain needing protection/acceleration
```

  2. Verify DNS resolution goes to Cloudflare:

```bash
# Check if domain resolves to Cloudflare IP
dig yourdomain.com +short

# Cloudflare IP ranges:
# 104.16.0.0/13
# 172.64.0.0/13
# 162.158.0.0/15
# etc.

# If shows your origin IP, proxy is disabled
```

  3. Enable proxy on DNS records:

In DNS > Records:

  • Click grey cloud icon to turn orange
  • Changes apply immediately

```
# Records that SHOULD be proxied:
# - A records for web traffic
# - AAAA records for web traffic
# - CNAME records pointing to web destinations

# Records that should NOT be proxied:
# - MX records (mail)
# - TXT records for SPF, DKIM
# - CNAME records for third-party services (if unsupported)
# - SRV records
# - NS records
```

  4. Verify proxy is active with curl:

```bash
curl -I https://yourdomain.com/

# Look for Cloudflare headers:
# cf-ray: SomeRayID
# CF-Cache-Status: HIT/MISS/BYPASS
# Server: cloudflare

# If missing, traffic bypasses Cloudflare
```

  5. Check Cloudflare nameserver delegation:

```bash
# Verify nameservers point to Cloudflare
dig yourdomain.com NS +short

# Should show Cloudflare nameservers:
# june.ns.cloudflare.com
# chad.ns.cloudflare.com

# If shows different nameservers, update at registrar
```

  6. Verify nameservers at registrar:

Log into domain registrar:

  • Check DNS/nameserver settings
  • Ensure Cloudflare nameservers are set
  • Remove old nameservers

```bash
# Cloudflare assigns two nameservers per zone
# Find yours in: Dashboard > DNS > Overview
```

  7. Check for DNS propagation:

```bash
# Test from multiple locations
dig yourdomain.com @1.1.1.1
dig yourdomain.com @8.8.8.8

# If results differ, DNS still propagating
```

  8. Test specific subdomains:

```bash
# Check www separately
dig www.yourdomain.com +short

# Check api subdomain
dig api.yourdomain.com +short

# Each proxied subdomain should show Cloudflare IP
```

  9. Verify SSL certificate:

```bash
# Check SSL certificate issuer
# (-servername sends SNI; </dev/null stops s_client from waiting on stdin)
openssl s_client -connect yourdomain.com:443 -servername yourdomain.com </dev/null 2>/dev/null | openssl x509 -noout -issuer

# Proxied domains show: issuer=Cloudflare Inc ECC CA-3
# DNS-only shows your origin certificate issuer
```

  10. Check Cloudflare analytics:

Navigate to: Analytics & Logs > Overview

```
# If proxy working, you should see:
# - Traffic counts
# - Bandwidth savings
# - Request distribution
# - Threat analytics

# Empty analytics suggests proxy not active
```

  11. Verify WAF is active:

Navigate to: Security > WAF

```
# If proxy disabled, WAF shows "No data available"
# WAF only works on proxied traffic

# Test WAF with known trigger (URL-encoded so curl accepts the spaces and quotes):
curl -G --data-urlencode "id=1' OR '1'='1" "https://yourdomain.com/"
# Should be blocked if WAF active
```

  12. Check for grey cloud on migrated records:

```bash
# After DNS migration, some records may be DNS-only by default
# Review all records after import

# In DNS records list, look for grey clouds
# Enable proxy where appropriate
```

Verification

After applying fixes:

  1. dig yourdomain.com +short shows Cloudflare IP range
  2. curl -I https://yourdomain.com/ shows cf-ray header
  3. DNS records show orange cloud in dashboard
  4. Cloudflare analytics shows traffic data
  5. SSL certificate issuer is Cloudflare
  6. WAF and DDoS protection features active
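
The first verification check (and steps 2 and 8) can be scripted. The following is an added example, not part of the original guide: it classifies every A record that dig returns against the three Cloudflare ranges listed in step 2. Because that list is partial, an address reported as "other" is either your origin or a Cloudflare range the list omits. The function names and the script name are illustrative.

```bash
# Added example. Ranges are the three listed in step 2 of this page (a partial
# list; Cloudflare publishes the full set at https://www.cloudflare.com/ips/).
CF_RANGES="104.16.0.0/13 172.64.0.0/13 162.158.0.0/15"

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into $1..$4 (local to this function)
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP NET/BITS: succeed if IP falls inside the network.
in_cidr() {
    net=${2%/*}; bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# Print "cloudflare", "other", or "skip" (not an IPv4 address, for example a
# CNAME target line in dig +short output).
classify_ip() {
    case $1 in
        ''|*[!0-9.]*) echo skip; return ;;
        [0-9]*.[0-9]*.[0-9]*.[0-9]*) ;;
        *) echo skip; return ;;
    esac
    for range in $CF_RANGES; do
        if in_cidr "$1" "$range"; then echo cloudflare; return; fi
    done
    echo other
}

# Resolve each A record for a hostname and classify it.
check_host() {
    dig +short A "$1" | while read -r addr; do
        printf '%s\t%s\t%s\n' "$1" "$addr" "$(classify_ip "$addr")"
    done
}

# Usage (hypothetical file name):
#   sh check_proxy.sh yourdomain.com www.yourdomain.com api.yourdomain.com
for host in "$@"; do check_host "$host"; done
```

A hostname whose line reads "other" should be compared with your origin address and, if it matches, its DNS record reviewed for a grey cloud.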