Cloudflare Access TCP/UDP access

cae.vieira · May 30, 2020, 7:50pm

I have a Cloudflare Access with a policy on every subdomain (*.domain.tld) and a reverse proxy (traefik) on my <domain.tld>.
This is working pretty well with a lots of services I have. But now I want to have a UDP/TCP that will run on <exemple.domani.tld> and the reverse proxy will redirect the defined port to the correct service, but the requests are not even getting to traefik, so my guess is that Cloudflare Access are blocking them.

Does Cloudflare Access also blocks unauthenticated UDP/TCP requests? If so, is there a way that I can bypass certain ports?

Judge · May 30, 2020, 8:57pm

Due to how DNS works, you can’t return different DNS answers based on what port the application is trying to use. What you’re trying to do is use Cloudflare’s IP (the one that guards HTTPS with Access) when it needs to be protected, but your own non-proxied IP when you need to send UDP/TCP.

Your best bet is to whitelist the IP of the server sending UDP/TCP requests on your server(s) and have it send directly to the IP address of those servers instead of using the DNS for IP lookups.

Topic		Replies	Views
Access doesn't work for TCP Connection Cloudflare Tunnel	3	3056	October 15, 2024
Port-based rules Rules	6	2749	April 8, 2023
Cloudflare as Reverse-Proxy to our servers DNS & Network	5	36857	December 7, 2021
DNS Over TLS behind cloudflare DNS & Network	4	2749	August 25, 2022
Server Behind NAT Can't be Access whith Cloudflare Proxy Protected? General	17	6208	August 12, 2021

Cloudflare Access TCP/UDP access

Related topics