How to secure GCP global external LB behind Cloudflare using mTLS zone level

@arrowheadapps Just answering this question:

You have a valid CA with Basic Constraints set to CA:true to set at GCP resources side in this wiki page

I’ve created a GCP Trust Config with it and attached a TLS policy to the Global Load Balancer that allows only traffic coming from Cloudflare without using CloudArmor security policies.

Feel free to contact me through this thread if you have any questions. The other thread you created caught my attention.

I would like to explore per-hostame authenticated origin pulls but I didn’t have time yet.

Regards,

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.