How to disable ECH for your domain on Cloudflare

As you know, Roskomnadzor (RKN) blocked Encrypted Client Hello (ECH) technology, and Cloudflare unexpectedly forced it on for all users. This has caused serious problems for those using Cloudflare, especially for users in Russia. Let's solve this problem!

If you need to disable Encrypted Client Hello (ECH) for your domain on Cloudflare, follow these steps. This process involves checking the current ECH status and then disabling it via the Cloudflare API.

Step 1: Check if ECH is enabled

First you need to check if ECH is enabled for your domain. To do this, follow the following link, replacing [ВАШ_ДОМЕН] to your real domain:

https://dns.google/resolve?name=[ВАШ_ДОМЕН]&type=HTTPS

If the results show that ECH is enabled, then proceed to the next step.

Step 2: Get data for the Cloudflare API

To disable ECH you will need Global API Key And Zone ID your domain.

  1. Global API Key. Go to the Cloudflare page using the following link and find your global API key: https://dash.cloudflare.com/profile/api-tokens

  2. Zone ID. Go to manage your domain on Cloudflare and scroll to the bottom of the page. Find the line Zone ID and copy it.

Step 3: Disable ECH via Cloudflare API

Now that you have the Global API Key and Zone ID, you can disable ECH using the command curl. Run the following command, replacing {ID_ZONE} to yours Zone IDA {ACCOUNT_EMAIL} And {GLOBAL_API_KEY} to your email and API key respectively:

curl -X PATCH "https://api.cloudflare.com/client/v4/zones/{ID_ZONE}/settings/ech" \
     -H "X-Auth-Email: {ACCOUNT_EMAIL}" \
     -H "X-Auth-Key: {GLOBAL_API_KEY}" \
     -H "Content-Type:application/json" --data '{"id":"ech","value":"off"}'

Step 4: Disabling ECH via Postman

You can also disable via Postman:

  1. In Postman, select a method PATCH and enter the URL:
    https://api.cloudflare.com/client/v4/zones/{ID_ZONE}/settings/ech

  2. IN Headers add the following fields:

    • X-Auth-Email: Your Cloudflare email address.

    • X-Auth-Key: your Global API Key.

    • Content-Type: application/json

  3. IN Body select raw and enter the following JSON:

    {"id": "ech", "value": "off"}

And for users CloudFlare paid plans There is a simpler option:

  1. Go to your SSL/TLS settings in your Cloudflare dashboard.

  2. In the “Edge Certificates” section, find “Encrypted ClientHello (ECH)” and select “Disabled” if you want to disable encryption.

Free Internet to everyone!

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *