Cloudflare Access Proxy

I'm trying to build an authentication proxy to access (customer) resources secured behind zero trust. Basically, some of our customers complained that their sandbox could be accessed by "anyone". We don't have anything on the sandbox that could hurt anyone (and APIs are obviously secured). So I thought of a way of making an authentication proxy worker that has a random URL that we share with the customer, that authenticates the user and sends the cookie to the client so that he can browse the site normally. But however I try implementing it with Hono, nothing seems to be working, even though my Service Auth access policy seems to be correct. What could I be doing wrong? (I don't want to instantly share the code I'm using because if I'm going in the wrong direction, I'll try to find a different solution.) Cheers 🙂
F0rce (OP) • 3mo ago
Simple PoC:
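```js
import { Hono } from "hono";

const app = new Hono();

// Proxy requests on the shared random path to the Access-protected resource.
app.all("/<random_url>", async (c) => {
  // Copy the incoming request headers.
  const headers = new Headers(c.req.header());
  console.log(headers);
  // Attach the Cloudflare Access service token credentials.
  headers.set("CF-Access-Client-Id", "<ACCESS-TOKEN>");
  headers.set("CF-Access-Client-Secret", "<ACCESS-SECRET>");

  // Debug output; at this point it includes the service token secret.
  console.log(headers);

  const response = await fetch("<customer_resource_url>", {
    method: c.req.method,
    headers,
    body: c.req.raw.body,
    redirect: "manual", // pass redirects back to the client instead of following them
  });

  return response;
});

export default app;
```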
I still wasn’t able to figure this out. Does anybody have an idea what could go wrong?
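
The header-injection step from the PoC above with the service token kept out of the source and logs and the upstream host pinned, as an added example that is not the original poster's code. The `env` keys (`PROXY_PREFIX`, `UPSTREAM_ORIGIN`, `ACCESS_CLIENT_ID`, `ACCESS_CLIENT_SECRET`) and all hostnames are hypothetical placeholders.

```javascript
// Added example, not from the thread. All env keys and hosts are assumptions.
const SECRET_HEADERS = ["cf-access-client-id", "cf-access-client-secret"];

// Map a request under the shared prefix to the upstream URL. Returns null when
// the request is outside the prefix or would resolve to a different origin.
function mapUpstreamUrl(incomingUrl, env) {
  const inUrl = new URL(incomingUrl);
  const prefix = env.PROXY_PREFIX;
  if (inUrl.pathname !== prefix && !inUrl.pathname.startsWith(prefix + "/")) return null;
  const rest = inUrl.pathname.slice(prefix.length) || "/";
  const upstream = new URL(env.UPSTREAM_ORIGIN);
  const target = new URL(rest + inUrl.search, upstream);
  // A remainder such as "//other.host/x" parses as a protocol-relative URL and
  // would carry the service token to another host, so pin the origin.
  return target.origin === upstream.origin ? target : null;
}

// Copy client headers, then set the service token from Worker secrets.
// set() overwrites any CF-Access-Client-* values the client sent.
function buildUpstreamHeaders(incoming, env) {
  const headers = new Headers(incoming);
  headers.delete("host"); // let fetch derive Host from the upstream URL
  headers.set("CF-Access-Client-Id", env.ACCESS_CLIENT_ID);
  headers.set("CF-Access-Client-Secret", env.ACCESS_CLIENT_SECRET);
  return headers;
}

// Loggable copy of the headers with the service token values masked.
function redactForLog(headers) {
  const out = {};
  for (const [name, value] of headers) {
    out[name] = SECRET_HEADERS.includes(name) ? "[redacted]" : value;
  }
  return out;
}

// Worker entry point; in a module Worker, expose it as the default export's fetch.
async function handle(request, env) {
  const target = mapUpstreamUrl(request.url, env);
  if (!target) return new Response("Not found", { status: 404 });
  const headers = buildUpstreamHeaders(request.headers, env);
  console.log(redactForLog(headers));
  return fetch(target, {
    method: request.method,
    headers,
    body: request.body,
    redirect: "manual",
  });
}
```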
