Cloudflare Access with Dynamic IP
Hi there,
I set up Cloudflare Tunnel on a web server that has a dynamic public IP address and added a public hostname so I can log in from anywhere, which works fine. How can I restrict access using Cloudflare Access? If the server is on a network with a static public IP, I can add a rule to only allow traffic on x.x.x.x/32, but I'm not sure how to do the same if I don't have/can't get a static IP.
Thanks for your help!
6 Replies
Instead of using an IP restriction, why not set up GitHub or Google as SSO authentication methods for your Zero Trust instance, and then use an Application policy to restrict the site to those who sign in with Access and have the right email?
I haven't reconfigured GitHub yet, but that's what it looks like.
I think that's a good option for those who are remote, but I was hoping to use a Service Auth policy to avoid the CF login interstitial for those on the same network as the web server.
If they're on the same network, why not use split-horizon DNS so that you aren't adding unnecessary egress just to come back in?