💡 Add option to require Cloudflare Access
mhr3 opened this issue · comments
Describe the feature you'd like
When mapping services to domains in the configuration, it would be useful it you could specify that a service requires authentication via Cloudflare Access. This would ensure that when there's no Access application setup (inadvertently), the service isn't publicly accessible on the internet (as that would be the case atm if the tunnel is already mapped to a dns name).
Something along the lines of:
- hostname: gitlab.widgetcorp.tech
service: http://localhost:80
requires_auth: true
You can use these: https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/configure-tunnels/origin-configuration/#access-settings
- hostname: gitlab.widgetcorp.tech
service: http://localhost:80
requires_auth: true
access:
required: true
teamName: <your-team-name>
audTag:
- aud1 <Access-application-audience-tag>
- aud2 <Optional-additional-tags>
If you don't have a specific Access app to tie it to, just omit the audTag
part and it will work with any application.
as stated, this is already supported as suggested by @Erisa