Cloudflare Zero Trust Policy question

I’m using Cloudflare Zero Trust and am hosting an internal app. I have a number of webhooks that need to be exposed externally, but the IP address that will be posting to the webhooks is dynamic and changes.

So I am unable to lock it down to a specific IP or range. Other than having “Everyone” access to domain.com/webhooks/*, what else can I do to reduce the attack surface?

Is it a single device? Would it be possible to have that requestor go direct to the origin IP address instead of the hostname?

It has to go via the hostname that is using Cloudflare teams access.

If only there was an option to “allow secret header string”, then I could add that to all requests, but there are no options for anything like that.


Not useful as only Enterprise plan, so not a solution really.

I’m not seeing that. My free plan zone has the button as described.


I came across the same issue. Have you found a solution how to explore a URL for a webhook without the authentication process?

As far as I understand, the Access Service Tokens work as the first step of authentication. If your browser is configured with the tokens, that means only you have permission to go to the second step of authentication: One-time PIN or other SSO from other identity providers. For a webhook we need no extra authentication steps, just one GET from the browser. The Access Service Tokens are probably not the right solution.