New Cloudflare User and can’t seem to find documentation on what I’m trying to do.
I’m setting up a proof of concept to push our web traffic through Cloudflare to use as a WAF & LB in front of IIS servers. I was going to allowlist the cloudflare IPs for this test instance at the firewall. However, I realize that a bad actor could have a cloudflare account and proxy requests through the Cloudflare IPs. How do I authenticate requests coming from cloudflare as being sourced from our account? Or is there a better option with a tunnel that I’m not seeing? Thanks.