Mans
Cloudflare Developers
Created by Mans on 9/25/2024 in #general-help
Can you expose an application to the Internet by Cloudflare without TLS termination?
The TLS is typically terminated at Cloudflare servers. This means that CF decrypts the traffic, scans it and re-encrypts it to the origin server. I want the traffic to be end-to-end encrypted from client to the origin server. This requires TLS pass-through. I want to enforce ACLs at Cloudflare as much as possible. For example, IP filtering should be easily doable, but also forwarding client certificate. Another workaround would be that the client authenticates to Cloudflare through some kind of SSO. If authentication is successful, the client obtains a token from CF, and then establishes a direct TLS connection with the origin server. Does anyone know if TLS pass-through is possible, and what kind of ACLs can be enforced?
2 replies
Cloudflare Developers
Created by Mans on 9/10/2024 in #general-help
Access analytics
I have a rule in Cloudflare Access allowing access from 1.2.3.4/24 (to my tunnel endpoint). If a connection is blocked, I don’t care. If it’s allowed, I want to see some analytics, if possible IP addresses, browser etc. This allows me to see if people are trying vulnerabilities on my website. There won’t be many visitors. Can this be done and how?
4 replies