I’m assuming with Access, my “origin” can look for headers to know:
- If an access is coming via the Access proxy (as to limit requests to those only
- Perhaps who is accessing the content via the proxy
Where is this documented? I want to try log these attributes. Thank you!
You can authorize via JWT - or by simply only allowing connections coming from Cloudflare IP ranges and ensuring your web server only responds to the correct HOST header.
See the above link - the header
Cf-Access-Authenticated-User-Email is the email of the user.
I’ve not heard of such a header. In my case, I Bypass for my home IP address, so there’s nothing to put in the header other than IP address.
At best, you can query the API for currently used tokens: