Firstly, I want to say that I can't get enough of CloudFlare. Whether it's the free SSL or the instant speed boost, there's a lot to love.
However, I have recently had some issues which I couldn't find documented anywhere online, so hopefully this can help someone else out.
I was trying to run SQL Server Reporting Services (SSRS) behind CloudFlare.
I was constantly getting prompted for a username and password. It didn't matter how many times I entered the correct password, the response was 401 Unauthorized.
Solution
It turns out that Windows Authentication over NTLM or Kerberos actually violate the HTTP 1.1 spec and CloudFlare do not support this.
This means that you cannot run any site that requires NTLM or Kerberos behind CloudFlare. Instead you need to look for alternative authentication methods.
The only alternative method available to me in SSRS 2014 is Basic. This is a sad state of affairs, but as the site is HTTPS only, this shouldn't be too bad. As soon as I changed the authentication method to Basic, the site started working perfectly.
To change the authentication type, you simply need to:
- Load the RSReportServer.config file
- Find the < Authentication > element.
- Ensure only < RSWindowsBasic /> appears in the < AuthenticationTypes > element.
- Restart the service.
More detailed instructions can be found here: https://technet.microsoft.com/en-us/library/cc281309(v=sql.105).aspx
SSRS 2016 (due out June 1st 2016) supports Digest authentication, which CloudFlare also supports. So this would be a recommended change to make, if you can.