I’m looking at setting up some load balances for entry points to my Applications and wanted a generic health check spread across my Load balancers associated with a shared pool.
I found I could hit my Argo tunnels directly without going through my Load balancer which I guess is understandable given the tunnels are CNAMES.
I want to hide those CNAMES from the wider world and only be used within my Load Balancer pools and for monitoring purposes.
Would I need to setup a WAF or FIREWALL rule or something like that to do this. So in short I want to block any CNAMES from being hit externally but still able to interrogate within my Cloudflare Argo tunnel setup and only present my LB’s as entry points for certain names.