Cloudflare Zero Trust Policy question

I’m using Cloudflare Zero Trust and am hosting an internal app. I have a number of webhooks that need to be exposed externally, but the IP address that will be posting to the webhooks is dynamic and changes.

So I am unable to lock it down to a specific IP or range. Other than having “Everyone” access to *, what else can I do to reduce the attack surface?

Is it a single device? Would it be possible to have that requestor go direct to the origin IP address instead of the hostname?

It has to go via the hostname that is using Cloudflare teams access.

If only there was an option to “allow secret header string”, then I could add that to all requests, but there are no options for anything like that.

Not useful as only Enterprise plan, so not a solution really.

I’m not seeing that. My free plan zone has the button as described.

