Hide Backblaze B2 bucket paths with CloudFlare Transform Rules

Publish: 2022-06-10 | Modify: 2022-06-10

An earlier article, "Backblaze B2, low-cost object storage, supports integration with CloudFlare CDN," showed how to integrate Backblaze B2 with CloudFlare CDN. That setup has a flaw: the B2 URL exposes the bucket name, so anyone can use your CloudFlare-accelerated domain name to accelerate their own Backblaze B2 bucket, or access the source site directly for fraudulent activities. This is not only unfriendly but also unsafe.

For example:

  • The format of the B2-provided domain name is: https://f002.backblazeb2.com/file/bucket/xxx.txt
  • After using CloudFlare acceleration, the domain name becomes https://b2.domain.com/file/bucket/xxx.txt

If I create a bucket named xiaoz in B2, I can reach it through your CloudFlare domain name at https://b2.domain.com/file/xiaoz/xxx.txt, thereby consuming your CloudFlare traffic.

Alternatively, I can directly access your source site: https://f002.backblazeb2.com/file/xiaoz/xxx.txt for traffic hijacking.

The purpose of this article is to remove B2's unfriendly URL path and hide the file/bucket/ part.

Prerequisites

If your B2 domain name has not yet been integrated with CloudFlare, please refer to this article: https://blog.xiaoz.org/archives/13256 for integration.

Create Transform Rules

CloudFlare Dashboard - Rules - Transform Rules - Create Transform Rule - Rewrite URL.

Continue to fill in:

  • Rule Name: Any name
  • Field: Select "Hostname"
  • Operator: Select "Equals"
  • Value: Fill in the accelerated domain name for B2 on CloudFlare (your own domain name)

Then, for the path, select "Rewrite to" and choose "Dynamic", and fill in:

concat("/file/bucket", http.request.uri.path)

Change bucket to your own storage bucket name, and then select "Deploy".

Optimization

Before optimization, our access path is: https://b2.domain.com/file/bucket/xxx.txt

After optimization, the path becomes: https://b2.domain.com/xxx.txt

As you can see, file/bucket/ has been removed.

Remove Unnecessary Response Headers

Backblaze B2 adds the following header parameters to the response header of the request:

  • x-bz-content-sha1
  • x-bz-file-id
  • x-bz-file-name
  • x-bz-upload-timestamp

Although they have little impact, these headers reveal at a glance that you are using B2, and they are generally not useful to clients. We can remove them with CloudFlare's Transform Rules as well.

Again in the Transform Rules section, choose Create Transform Rule - Modify Response Header.

The hostname part is the same as before.

Then select "Remove" for each entry and fill in the header names listed above, one per entry.
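The two rules above can be modelled offline to see what the origin receives. The following is an added example, not code from the original article and not CloudFlare's implementation; the function names are hypothetical, and the host and bucket are the article's placeholders.

```python
# Offline model of the Rewrite URL and Modify Response Header rules described above.
# Added example: function names are hypothetical; HOST and BUCKET are the article's placeholders.
HOST = "b2.domain.com"
BUCKET = "bucket"
B2_HEADERS = {"x-bz-content-sha1", "x-bz-file-id", "x-bz-file-name", "x-bz-upload-timestamp"}


def rewrite_path(host, path):
    """Rewrite URL rule: when Hostname equals HOST, the path becomes
    concat("/file/bucket", http.request.uri.path)."""
    if host != HOST:
        return path  # rule does not match; the path is passed through unchanged
    return "/file/" + BUCKET + path


def origin_bucket(origin_path):
    """Bucket named by a /file/<bucket>/<key> origin path, or None if the path has another shape."""
    parts = origin_path.split("/", 3)
    if len(parts) == 4 and parts[0] == "" and parts[1] == "file" and parts[2]:
        return parts[2]
    return None


def strip_b2_headers(headers):
    """Modify Response Header rule: drop the four x-bz-* headers (header names are case-insensitive)."""
    return {k: v for k, v in headers.items() if k.lower() not in B2_HEADERS}


def check(paths):
    """Map each client path to (origin path, bucket the origin would serve from)."""
    return {p: (rewrite_path(HOST, p), origin_bucket(rewrite_path(HOST, p))) for p in paths}


if __name__ == "__main__":
    # Constructed sample requests: the new short URL, and an old-style URL naming another bucket.
    for client, (origin, bucket) in check(["/xxx.txt", "/file/xiaoz/xxx.txt"]).items():
        print(f"{client:22} -> {origin:34} bucket={bucket}")
    # Constructed sample response headers.
    sample = {"Content-Type": "text/plain", "X-Bz-File-Id": "constructed-id", "x-bz-file-name": "xxx.txt"}
    print(strip_b2_headers(sample))
```

With the rewrite in place, a request for /file/xiaoz/xxx.txt on the accelerated domain is looked up as a key inside your own bucket rather than in the xiaoz bucket. The model covers only requests that pass through CloudFlare; the direct f002.backblazeb2.com URL is not touched by these rules.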

Summary

The transfer traffic between CloudFlare and Backblaze B2 is free. By using CloudFlare Transform Rules, the bucket name can be hidden, which makes the URL more user-friendly and to some extent reduces the risk of Backblaze B2 being hijacked.

Some of the content in this article is referenced from: "[Object Storage] Pairing with the CF Bandwidth Alliance to get free traffic" (【对象存储】搭配CF带宽联盟实现流量免费)

