Cloudflare Access with Dynamic IP

Hi there,

I setup Cloudflare Tunnel on a web server that has a dynamic public IP address and added a public hostname so I can login from anywhere, which works fine. How can I restrict access using Cloudflare Access? If the server is on a network with a static public IP, I can add a rule to only allow traffic on x.x.x.x/32, but I'm not sure how to do the same if I don't have/ can't get a static IP.

Thanks for your help!

SScrawny Spider Hi there, I setup Cloudflare Tunnel on a web server that has a dynamic public I...

Brandon | Cloudflare TSE•7/24/23, 11:09 PM

Instead of using an IP restriction, why not setup Github or Google as SSO authentication methods for your Zero Trust instance, and then use an Application policy to restrict the site to those who sign in with Access and have the right email?

Brandon | Cloudflare TSE•7/24/23, 11:09 PM

Brandon | Cloudflare TSE•7/24/23, 11:09 PM

i haven't reconfigured Github yet but that's what it looks like

Brandon | Cloudflare TSE•7/24/23, 11:12 PM

Scrawny SpiderOP•7/24/23, 11:25 PM

I think that's a good option for those who are remote, but I was hoping to use a Service Auth policy to avoid the CF login interstitial for those on the same network as the web server.

Brandon | Cloudflare TSE•7/24/23, 11:30 PM

if they're on the same network, why not use split-horizon DNS so that you aren't adding unnecessary egress just to come back in?