Need help with redirecting a subdomain to another domain.

I want to redirect *.domain.app to domain.cc/app/* The fact that there's two different TLD's is a bit tricky, but they're both listed under cloudflare and use it's DNS. I've attached a picture of a DNS record that I tried adding, but I get an Origin DNS error when trying to visit the .app site. My goal is to REDIRECT, and not FORWARD.
No description
44 Replies
x03
x03OP10mo ago
gonna try out some page rules stuff
Chaika
Chaika10mo ago
Yea CNAMEs don't work like that, can't specify path or anything, nor do they redirect. They're a DNS level concept of "look over here to resolve A/AAAA/etc records" Page Rules, Dynamic Redirect Rules, or Bulk Redirects are your best option
x03
x03OP10mo ago
Ah okay, I cant seem to get page rules to work though. Here's my setup:
No description
x03
x03OP10mo ago
when i try to visit tsar.app, i get this:
No description
Chaika
Chaika10mo ago
you don't have a dns record created for tsar.app, and wildcards only cover subdomains you can create AAAA @ 100:: Proxied and AAAA * 100:: Proxied 100:: being IPv6 Discard, basically saying "if nothing in CF handles this, there's nowhere to go"
x03
x03OP10mo ago
That worked perfectly, thanks. One more question: When I try to make a rule to redirect auth.tsar.cc/* to tsar.cc/auth/*, I get the same exact issue. Do I just need to add the AAAA entries in the tsar.cc DNS as well? I already have DNS records for tsar.cc though
x03
x03OP10mo ago
Rules:
No description
x03
x03OP10mo ago
My CNAME entry redirecting tsar.cc to tsarcc.pages.dev
No description
x03
x03OP10mo ago
Cause I do have them for tsar.cc, yet i still get the DNS_PROBE_FINISHED_NXDOMAIN error when visiting auth.tsar.cc
Chaika
Chaika10mo ago
you have the wildcard on tsar.cc?
x03
x03OP10mo ago
Yeah, this time my goal is to redirect auth.tsar.cc/* to tsar.cc/auth/* The .app one works fine now, so it's irrelevant
Chaika
Chaika10mo ago
You should just do AAAA auth 100:: Proxied in that case don't do wildcard unless you want to redirect all
x03
x03OP10mo ago
I need to include the rest of the request though. Typically you'd visit auth.tsar.cc/f82d4a57-389f-4682-bb94-dda46f28e0a7/something and I need the two parameters to stay
Chaika
Chaika10mo ago
cname entries don't ever redirect probably a key thing worth pointing out unless you have a seperate redirect on there a CNAME is just saying "DNS, resolve this by going over here"
x03
x03OP10mo ago
oh yeah I meant resolving thats a default entry made by pages
x03
x03OP10mo ago
I tried adding this
No description
x03
x03OP10mo ago
but it still wont work
Chaika
Chaika10mo ago
TSAR
Modern security solution for software developers.
x03
x03OP10mo ago
No description
Chaika
Chaika10mo ago
that's just dns cache can take up to an hour or longer, depends on your DNS Resolver
x03
x03OP10mo ago
oh, could it be the page rules making it work or the dns entry? which should I keep
Chaika
Chaika10mo ago
You visited it when it didn't exist, so you have negative cache saying the record doesn't exist
x03
x03OP10mo ago
makes sense
Chaika
Chaika10mo ago
You need both the DNS Entry and the Page rule for a redirect to work. The DNS Entry lets CF know it should publish a/aaaa proxy IPs and make it connectable. The Page Rule handles the incoming traffic
x03
x03OP10mo ago
Ah, makes perfect sense. Thanks for the explanation.
Chaika
Chaika10mo ago
TSAR
Modern security solution for software developers.
x03
x03OP10mo ago
How do I get the curl command to work? Did I paste it wrong?
No description
Chaika
Chaika10mo ago
no, just dns cache
x03
x03OP10mo ago
damn okay try www.tsar.cc
Chaika
Chaika10mo ago
I always test everything on a test box which uses 1.1.1.1 directly no cache or anything
x03
x03OP10mo ago
I get a server error for www.tsar.cc, heres my entry
No description
Chaika
Chaika10mo ago
that 522's. What are you looking for? If it's a Pages Custom Domain, you need to add it under the Pages Project Custom Domains tab
x03
x03OP10mo ago
I should set one up as well, i just use googles dns rn just treat it like the root domain I need www to either redirect or act as the root
Chaika
Chaika10mo ago
you need to add it under the Pages Project Custom Domain tab if you want it to work, just like you did for the root
Chaika
Chaika10mo ago
Cloudflare Docs
Redirecting www to domain apex · Cloudflare Pages docs
In this guide, you will learn how to redirect the www subdomain to your apex domain (example.com). This is a common question and can be achieved by …
x03
x03OP10mo ago
oh wow, interesting. Needing to add www. to the pages project but not needing the same for auth. is confusing but im assuming thats the case cause auth redirects while www resolves
Chaika
Chaika10mo ago
because auth is just redirecting
x03
x03OP10mo ago
makes sense thanks for the help, everything should be working fine now
Chaika
Chaika10mo ago
It may be worth pointing out further, the difference between CNAMEs and redirects. A redirect is a simple response that makes the browser go to that url, and resolve it/send a request to it. When you use a CNAME, proxied or unproxied, the CNAME is resolved down to an IP address (v4 or v6, a/aaaa respectively), and a request is send to it. The request contains the hostname and serverName of the original request. Like for www, it'd be www.tsarc.cc. Cloudflare Pages uses CF for SaaS under the hood, which has a sort of allowlist for host headers/serverNames. It sees www.tsarc.cc and says "that's not on the list, only tsarcc.cc is" This would also happen if you CNAMEd from www to root, as it'd still flatten down to IPs and the host header/serverName would be www
x03
x03OP10mo ago
Ah okay
Chaika
Chaika10mo ago
Proxied CNAMEs only show Proxy IPs which makes following the trail externally harder, but for example with wikipedia when using a public resolver, you can see it just followed the CNAME to get the IP to connect to ;; QUESTION SECTION: ;en.wikipedia.org. IN A ;; ANSWER SECTION: en.wikipedia.org. 6757 IN CNAME dyna.wikimedia.org. dyna.wikimedia.org. 300 IN A 103.102.166.224 For Web Browsers, it's essentially/kind of the same if it returned the A record directly
x03
x03OP10mo ago
Oh alright, so proxied doubles as both DDoS protection, etc as well as hides your origin server IP
Chaika
Chaika10mo ago
It'd only work as DDoS Protection if it hides your origin ip otherwise even if you properly firewall'd your origin to only allow requests from CF, they could still down it by volumetric attacks/brute force Proxied has requests flow through the entire CDN, benefiting from Edge Caching, WAF/Security/DDoS Protection, Redirects, HTTP/3, etc
x03
x03OP10mo ago
Yeah, that's how I assumed it worked. Alright, I'll keep that in mind also marking this issue as solved
Want results from more Discord servers?
Add your server