I have a section of my site that I need quick access to, but don’t want anyone on the outside to see. I’m trying to avoid a login/authentication (Access) type form. I want to use a Client Certificate for this; however, upon research it seems this may not be possible with Cloudflare. If I’m correct, I believe Mutual TLS Authentication should work fine for this use case; however, I don’t see anywhere on my dashboard for it, and the Docs say to contact support. Is this a paid feature, or can a Free or Pro account take advantage of Mutual TLS Authentication if I reach out to Support?
It most likely is, and I wouldn’t be surprised if it was Enterprise-only. You’d best contact support/sales.
This uses Cloudflare Access to auth TLS, however I know there are some headers you can get Cloudflare to send that include information about the client’s certificate (since CF is a reverse proxy, it can’t re-present the client certificate itself) if you talk to enterprise sales. You can see this by looking at the output of a business-class workers request object: https://workertest.judge.sh/ - request.cf.tlsClientAuth contains info about TLS client, although I believe it won’t do anything without getting the feature unlocked, and proxied headers would also need the feature unlocked.
Another option is Cloudflare Spectrum. You lose almost all non-DDoS protection Cloudflare features, but it can act as a ‘dumb’ layer 4 proxy and TLS clients will negotiate just fine.
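
An added example, not code from any poster in this thread or from Cloudflare: a Worker-style check that gates a private path on the `request.cf.tlsClientAuth` object mentioned above and fails closed when the data is absent. The field names `certPresented`, `certVerified` and `certFingerprintSHA256`, the `/private/` prefix and the pinned fingerprint are assumptions and constructed values, and the check only means something once the client-certificate feature is enabled on the zone.

```javascript
// Added example. Assumed tlsClientAuth fields (not shown in the thread):
//   certPresented: "1" | "0", certVerified: "SUCCESS" | other,
//   certFingerprintSHA256: hex string.
const PROTECTED_PREFIX = "/private/"; // hypothetical protected section

// Constructed placeholder fingerprint; replace with your own certificate's value.
const ALLOWED_FINGERPRINTS = new Set([
  "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
]);

// Pure decision function so the policy can be tested without a Worker runtime.
function clientCertDecision(pathname, tlsClientAuth) {
  if (!pathname.startsWith(PROTECTED_PREFIX)) {
    return { allow: true, reason: "public path" };
  }
  // Fail closed: if the edge supplied no certificate data, never assume success.
  if (!tlsClientAuth || typeof tlsClientAuth !== "object") {
    return { allow: false, reason: "no tlsClientAuth data" };
  }
  if (tlsClientAuth.certPresented !== "1") {
    return { allow: false, reason: "no client certificate presented" };
  }
  // Presented is not the same as verified against the configured CA.
  if (tlsClientAuth.certVerified !== "SUCCESS") {
    return { allow: false, reason: "certificate not verified" };
  }
  // Pin to known certificates so any other cert from the same CA is rejected.
  const fp = String(tlsClientAuth.certFingerprintSHA256 || "").toLowerCase();
  if (!ALLOWED_FINGERPRINTS.has(fp)) {
    return { allow: false, reason: "certificate not on allow list" };
  }
  return { allow: true, reason: "verified client certificate" };
}

// Worker-style handler: forwards allowed requests to the origin, blocks the rest.
async function handleRequest(request) {
  const { pathname } = new URL(request.url);
  const decision = clientCertDecision(pathname, request.cf && request.cf.tlsClientAuth);
  if (!decision.allow) {
    return new Response("Forbidden", { status: 403 });
  }
  return fetch(request);
}
```

Because the proxy terminates TLS, the origin should also accept traffic only from the proxy; otherwise a direct request to the origin bypasses this check entirely.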