Many of our non Enhance servers are locked to allow traffic flowing through Cloudflare only. All other traffic gets blocked to prevent DDoS and to take benefit of Cloudflare firewall.
There are 2 methods to achieve it.
A) Whitelist and allow only Cloudflare IP addresses in a firewall. https://www.cloudflare.com/en-in/ips/
B) Use Cloudflare Origin Cert. https://developers.cloudflare.com/ssl/origin-configuration/origin-ca/
We use both the methods depending on our needs. We also have other IP addresses whitelisted for Uptime Monitor.
I hope this can be integrated as there are many benefits.