cloudflare / cloudflared

Cloudflare Tunnel client (formerly Argo Tunnel)

Home Page: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide


💡 Add option to require Cloudflare Access

mhr3 opened this issue

Describe the feature you'd like
When mapping services to domains in the configuration, it would be useful if you could specify that a service requires authentication via Cloudflare Access. This would ensure that when there's no Access application set up (inadvertently), the service isn't publicly accessible on the internet (as that would be the case atm if the tunnel is already mapped to a DNS name).

Something along the lines of:

  - hostname: gitlab.widgetcorp.tech
    service: http://localhost:80
    requires_auth: true

You can use these: https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/configure-tunnels/origin-configuration/#access-settings

  - hostname: gitlab.widgetcorp.tech
    service: http://localhost:80
    # Access settings are origin configuration, so they sit under originRequest
    originRequest:
      access:
        required: true
        teamName: <your-team-name>
        audTag:
          - <Access-application-audience-tag>  # aud1
          - <Optional-additional-tags>         # aud2

If you don't have a specific Access app to tie it to, just omit the audTag part and it will work with any application.

As stated, this is already supported, as suggested by @Erisa.
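
An added example (not from the thread or the cloudflared project): a stdlib-only Python audit that reports, per ingress hostname, whether the rule sets `originRequest.access.required: true`, which is where the linked origin-configuration docs place the Access settings. It assumes block-style YAML like the snippets above and looks only at per-rule settings; every hostname except gitlab.widgetcorp.tech is constructed.

```python
import re

# Constructed sample; only gitlab.widgetcorp.tech comes from the thread.
SAMPLE_CONFIG = """\
tunnel: <tunnel-id>
ingress:
  - hostname: gitlab.widgetcorp.tech
    service: http://localhost:80
    originRequest:
      access:
        required: true
        teamName: <your-team-name>
  - hostname: wiki.example.internal   # access misplaced at rule level
    service: http://localhost:8080
    access:
      required: true
  - hostname: ci.example.internal     # enforcement switched off
    service: http://localhost:9000
    originRequest:
      access:
        required: false
  - service: http_status:404
"""

KEY = re.compile(r"^(\s*)(-\s+)?([A-Za-z_][\w-]*):\s*(.*)$")
ENFORCED = ["ingress", "originRequest", "access", "required"]

def audit_ingress(config_text):
    """Return [(hostname, access_required)] for every ingress rule with a hostname."""
    rules, stack = [], []  # stack: (indent, key) pairs forming the current key path
    for raw in config_text.splitlines():
        m = KEY.match(raw.split(" #")[0].rstrip())
        if not m:
            continue  # comments, blank lines, plain list items such as audTag entries
        lead, dash, key, value = m.groups()
        indent = len(lead) + len(dash or "")
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave deeper or sibling keys behind
        stack.append((indent, key))
        path = [k for _, k in stack]
        if dash and path[:-1] == ["ingress"]:
            rules.append({"hostname": None, "required": False})  # new rule starts
        if rules and path == ["ingress", "hostname"]:
            rules[-1]["hostname"] = value.strip("'\"")
        elif rules and path == ENFORCED:
            rules[-1]["required"] = value.lower() == "true"
    return [(r["hostname"], r["required"]) for r in rules if r["hostname"]]
```

Any hostname reported with `False` is served by the tunnel without cloudflared requiring an Access token, so it deserves a look before the DNS record goes live.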