Replace VPN with something from Cloudflare


My apologies for a possibly stupid question, but what service from Cloudflare could replace classic client VPN access to ease up the process? I have a dozen users who access an HTTPS website, and this web server has a firewall with only limited IP access.
The problem is that all those users have no idea how to set up anything, and if there is a problem, I get a gazillion phone calls from nervous users and nobody pays me for this work.

So I would like to maybe tunnel or route this website traffic through Cloudflare and secure it somehow, because it is an in-house programmed website and it might not be secure enough to be opened to the public.
I’ve tried ZeroTrust, but haven’t been able to configure it properly. Besides, it also needs a client install, so it makes no sense to me to switch over from VPN to another ZeroTrust client - both require my intervention on clients, which I would like to avoid. Or did I misunderstand the ZeroTrust principle?

Any idea what service to use without a need to rob a bank?

Zero Trust doesn’t mean zero work. If it’s strictly HTTPS websites and they are publicly accessible you could look at adding the domain(s) to Cloudflare, creating access policies for each application in Cloudflare and restricting it to the authorized users who would authenticate via SSO.

What have you tried? What isn’t working?

Maybe? Insufficient details to say. Can you provide an example or two?


Hi, thanks for the reply!

I understood ZeroTrust as a web interface between clients and the website. But when I began with a test configuration, I got stuck with the WARP client and policies, which I understood to mean that some client needs to be installed on the client side to match the access policy. Then I quit.

I have absolutely no problems working on the server side or CF side to configure the service, but have a lot of problems installing and maintaining anything on the client side, because the customer does not pay me adequately for such work.


Access policies are probably the best way to secure a website and require authentication without also necessarily requiring client software installation. Since these are HTTPS apps, that’s where I would focus, and the above link is a good starting point.



That looks promising.
Our app is hosted on Digital Ocean, it runs in Docker and is programmed in-house from scratch.
On the other side, users are already using MS Authenticator for O365, so they are used to it.

I guess this can be linked together to employ MS Authenticator as the identity provider for our app. Let’s read some docs…

I think these two articles would be a good starting point on what you’d like to achieve
