- I configured my site with Authenticated Origin Pulls and on server side, I verify that connection comes from CloudFlare (I’m doing a ssl client verify operation).
- I configured CloudFlare Access to access some URLs on my server in an authenticated way. Access checks if the users are in some Github organisation etc… So its doing authorisation too: It works.
However: Can other customers of CloudFlare connect to my server?
In this case, they could bypass CloudFlare access. I found no way to send my CloudFlare email address or a secret token in the HTTP header that I’m sure that the request is incoming 100% of my CloudFlare account.
Is there a way to secure that no other customer of CloudFlare can access my server?