Cloudflare Access Policy Creation Should Verify If Host Is CF Proxied

Right now when you create a new Cloudflare Access Policy, there are no checks or notices to inform the CF user that their intended hostname to be protected is not behind Cloudflare orange cloud proxy. If folks forget to orange cloud proxy the hostname in their DNS settings, then the intended hostname is not Access protected.

Suggestion, when creating a new Cloudflare Access Policy, during the save click stage, it should check to see if the intended hostname is behind CF Proxied orange cloud and warn or remind user that the intended hostname to be protected is not behind CF Proxied.

+1 I hadn’t noticed this, but your suggestion seems a no-brainer


Yeah possible scenario is if you have an admin/manager responsible for setting up CF Access for developers but they do not actually use the Access policy’s protected route/paths and just assume it works. Thus there will be a lag between when the Access policy was created and when the actual end user finds out the Access policy isn’t working due to the hostname not being CF proxied and further lag between when end user conveys that to admin and when it is rectified.

1 Like

Agreed. +1