I’m using Cloudflare Zero Trust and am hosting an internal app. I have a number of webhook that need to be exposed externally, but the IP address that will be posting to the webhook is dynamic and changes.
So I am unable to lock it down to a specific IP or range. Other than having “Everyone” access to
domain.com/webhooks/* what else can I do to reduce the attack surface?