My website is using Cloudflare DNS. I want to know if there is a way to restrict access to files stored on my subdomains, such as dl. and cdn., so that only my main domain can access them. Third-party websites should not be able to use direct links to these files. Is this possible?
DNS records
Wonder how the the application or system works if the domain.com is required to access via public hostname? 
Otherwise, those assets are e.g. CSS, JavaScript, images, etc.?
Make sure to send noindex, nofollow just in case for those sub-domains as well.
What kind of files you’ve got on them?
If it’s images, Hotlink protection would work well, despite they could get downloaded via other technique.
You could use Referer HTTP header for help as well with Custom WAF rule, e.g.:
(http.referer ne "https://yourdomain.com") and (http.host eq "dl.yourdomain.com" or http.host eq "cdn.yourdomain.com")
Otherwise, using Transform Rules to Modify Response Header to either set or remove Referer header, same could be done with Worker or even Snippets if using paid plan type
This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.