Is it possible to use CF Access for a specific port, but not for other ports at a given subdomain?
Use case: my.site.com has an admin panel @ port 2053 which I’d like to protect with 2FA, but for my.site.com:80 or 443 I’d like to keep it open (Also proxied by CF of course but not with 2FA)
I have the A record setup correctly, and CF Access as well, but of course, I need 2FA both for this example “admin panel” and for the landing page I’d like to keep public
Another option would be implementing a Load Balancer at my origin but that would complicate things and adding costs, so I’d really love to save myself this step
Cloudflare only proxies ports 80 and 443, without Cloudflare Spectrum. The A record by the way also will only indicate to a browser what the IP address is, the browser will infer by default ports 443/80.
Cloudflare Zero Trust will only protect websites that are on port 443 (and maybe 80, however I can’t see a use case for it), which are proxied.
Two alternatives would be:
- To use Cloudflare Gateway, to remote into your network where you can secure your site with 2FA on CF Access
- To setup a reverse proxy for your admin panel on different subdomain (say
admin.site.com), and then secure that with CF Access.
Thank you. What do you mean by “Remote into the network to secure the site with CF Access”?
Sorry, I look back on it now and I realise I really poorly worded that
You can use Cloudflare Tunnels to act as a Reverse Proxy using Ingress Rules, and then use Cloudflare Access on that tunnel. This is usually my go-to solution, however isn’t applicable if you’re using a shared hosting platform (like most cPanel instances for example)
You’re 100% right! How I didn’t think of this. This is the way to go! Thank you