gRPC connections
Cloudflare offers support for gRPC to protect your APIs on any proxied gRPC endpoints. The gRPC protocol helps build efficient APIs with smaller payloads for reduced bandwidth usage, decreased latency, and faster implementations.
Availability
| Free | Pro | Business | Enterprise | |
Availability | Yes | Yes | Yes | Yes |
Charges may occur for gRPC traffic over add-on products such as Argo Smart Routing, WAF, and Bot Management.
Limitations
Running gRPC traffic on Cloudflare is compatible with most Cloudflare products.
However, the following products have limited capabilities with gRPC requests:
- The Cloudflare WAF will only run for header inspection during the connection phase. WAF Managed Rules will not run on the content of a gRPC stream.
- Cloudflare Tunnel currently does not support gRPC.
- Cloudflare Access does not support gRPC traffic sent through Cloudflare’s reverse proxy. gRPC traffic will be ignored by Access if gRPC is enabled in Cloudflare. We recommend disabling gRPC for any sensitive origin servers protected by Access or enabling another means of authenticating gRPC traffic to your origin servers.
Enable gRPC
Requirements
- Your gRPC endpoint must listen on port 443.
- Your gRPC endpoint must support TLS and HTTP/2.
- HTTP/2 must be advertised over ALPN.
- Use
application/grpcorapplication/grpc+<message type(for example:application/grpc+proto) for the Content-Type header of gRPC requests. - Make sure that the hostname that hosts your gRPC endpoint: - Is set to proxied - Uses at least the Full SSL/TLS encryption mode.
Procedure
To change the gRPC setting in the dashboard:
- Log in to your Cloudflare account and go to a specific domain.
- Go to Network.
- For gRPC, switch the toggle to On.