Validating HTTP Cryptographic Signature

Whilst I want to restrict access to mycompany.com/api to a single company, I am unable to whitelist any CIDRs due to the wide range of IPs used.
They do support other methods which I will list but can I filter this so other non-company connections are blocked?

    • HTTP Authentication in conjunction with encryption
    • Password protected URL
    • Cryptographically signed incoming requests

Does CloudFlare support validating these methods and blocking those that fail?

**Edited Title and Category.

Cloudflare does support authenticated origin pulls, which should be able to accomplish #3 in your list.

While I haven’t tested this too much, it looks like you could use the new Transform Rules feature to add an Authorization header, adding basic HTTP Authentication to requests coming through Cloudflare.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.