Why is there a "Protect with Access" on the "Public Hostnames" settings page?

What is the name of the domain?

example.com

What is the issue you’re encountering

If I used the Cloudflare Dashboard to expose a new Public Hostname using an existing cloudflared tunnel, there is an option Protect with Access under the Access Category. The applications I’ve defined already have a DNS name configured, so why is this option needed in the first place? Even if I deactivated this setting, the Application Security seems to work just fine.

Screenshot of the error

That option enforces strict JWT verification on the hostname at the cloudflared side so that request will only be allowed if they come from Access. This protects you against any misconfigurations if you accidentally remove the access app (in which case the requests will fail instead of succeed) and also protects you against any requests that somehow (there are no known methods, but…) bypasses Cloudflare Access to request the origin directly.

2 Likes

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.