Cloudflare Access Policy Creation Should Verify If Host Is CF Proxied

eva2000 · May 1, 2020, 12:25am

Right now when you create a new Cloudflare Access Policy, there are no checks or notices to inform the CF user that their intended hostname to be protected is not behind Cloudflare orange cloud proxy. If folks forget to orange cloud proxy the hostname in their DNS settings, then the intended hostname is not Access protected.

Suggestion, when creating a new Cloudflare Access Policy, during the save click stage, it should check to see if the intended hostname is behind CF Proxied orange cloud and warn or remind user that the intended hostname to be protected is not behind CF Proxied.

cbrandt · May 1, 2020, 6:14pm

+1 I hadn’t noticed this, but your suggestion seems a no-brainer

eva2000 · May 2, 2020, 5:01am

Yeah possible scenario is if you have an admin/manager responsible for setting up CF Access for developers but they do not actually use the Access policy’s protected route/paths and just assume it works. Thus there will be a lag between when the Access policy was created and when the actual end user finds out the Access policy isn’t working due to the hostname not being CF proxied and further lag between when end user conveys that to admin and when it is rectified.

intr0 · May 2, 2020, 12:50pm

Agreed. +1

Topic		Replies	Views
When to orange cloud a record Getting Started dns	2	9012	June 18, 2021
DNS Orange cloud flips gray after 24h Getting Started	5	1934	June 27, 2020
DNS Cloudflare Proxy (Orange Cloud) Security Access dns	2	2501	March 27, 2019
Not proxied domain in Cache Performance Website, Application, Performance	3	1947	December 5, 2020
Cloudflare Access - New feature comments Access	7	3488	August 13, 2019

Cloudflare Access Policy Creation Should Verify If Host Is CF Proxied

Related topics