DNS-based bypass to AWS ALBs provides emergency mitigation path

Publishing DNS records that bypass Cloudflare proxy and point directly to AWS Application Load Balancers can restore service access during proxy failures. This requires pre-testing to verify TLS configuration, static asset delivery, and security controls work without Cloudflare proxy.

Pre-document DNS bypass procedures including AWS ALB endpoints for each region (us.cloud.langfuse.com, cloud.langfuse.com, hipaa.cloud.langfuse.com). Test bypass routing in advance to verify TLS configuration, static asset delivery, and security controls work without Cloudflare proxy. Consider risks: loss of WAF protection, different TLS requirements, uncached static assets. Only use during confirmed proxy outages.