Allow access for rule `cf.tls_client_auth.cert_verified` doesn’t work

Currently, we have domain.dev protected so that it can only be accessed from our VPN IPs; all other IPs are disallowed.

We made a CF worker to proxy traffic to domain.dev. The CF worker is under domain.com and it is publicly accessible.

We want to create a rule which would not only allow the VPN access but also allow the CF worker access.

I created a Client Certificate (mTLS) in domain.dev and a rule to allow access if `cf.tls_client_auth.cert_verified`.

When I tried to access the domain.dev with my mTLS, I still got rejected.

Not sure if mTLS can support my use case, but if not, is there anything else we can use to achieve this?

I found the solution.

I have to first add a host to the Client Certificates in SSL/TLS and then create an mTLS rule.

After that I can change the rule to be like
`ALLOW (http.host in {"domain.dev"} and cf.tls_client_auth.cert_verified)`

It worked.