This is the feature I am trying to achieve, as found on CloudFlare:
7. (Optional) Some record types such *A* , *AAAA* , and *CNAME* allow a customer to toggle the Cloudflare proxy on or off. For the **Cloudflare Proxy Toggle:**
* An *orange cloud icon* proxies traffic through Cloudflare for the DNS record **Name** .
* A *grey cloud icon* ensures traffic for the DNS record **Name** is not proxied to Cloudflare. Cloudflare still serves DNS for a grey clouded DNS record, but no other Cloudflare features such as SSL, page rules, caching, WAF, etc are applied.
Grey cloud icons for *A* , *AAAA* , or *CNAME records* will expose your origin IP address to attackers and allows them to attack your origin IP address directly even if you later proxy traffic to Cloudflare. Direct attacks to your origin IP are only mitigated by asking your hosting provider to change your origin IP address.
And I can achieve this through redirects? I can’t see a reference to something that would allow this other than one about a single file redirect (https://docs.netlify.com/routing/redirects/rewrites-proxies/#proxy-to-another-service). Presumably this won’t work the same?