I am new to Cloudflare. I have a personal server hosted on a domain I own via Tunnels with Zero Trust protecting the main page with email auth and Google OIDC. A few services are on subdomains that don’t work with Zero Trust sign in, so they’re included login screens are exposed I guess, and I am attempting to protect these using crowdsec locally.
Cloudflare dashboard reports hundreds of hits daily from all over the world. It should be only me accessing at this point. It makes me nervous that someone is attempting brute force or other attacks. I have now blocked other countries, but I’m sure more attacks are coming from US ip addresses. Is there a better way to secure it so really it’s only accessible by me? I don’t love the idea of using a VPN-like option like WARP as I don’t want to affect battery life and have to enable the app every time I want to connect.
Is there a better way of limiting access more narrowly to me? Can I rest assured that all of these hits pose no credible threat?
What is the domain name?
sevenlayercookie.xyz
Have you searched for an answer?
Yes
When you tested your domain, what were the results?
Cloudflare Zero Trust Sign on Page
Describe the issue you are having:
Thousands of visitors from other countries. I should be the only visitor (for now, until I let friends and family connect). It’s a personal server.
What steps have you taken to resolve the issue?
- Enabled Zero Trust (for most subdomains) with email address auth and Google OIDC.
- Blocked all countries that aren’t USA
I do have certain subdomains with services that can’t be run behind Zero Trust authentication that are only behind their own built in login screens. I use crowdsec to try and protect those locally.