Workers, R2 and Pages - How to restrict access from allowed Cloudflare services only?

sam_cdn · September 10, 2023, 5:00am

Hi there,

I currently have Workers, Pages and R2, and these three serverless services are connected to each other.

What I want to do now is to restrict these three services from being accessed by other disallowed third parties. For example, the resources on R2 are only allowed to be accessed by the specified Pages application. If you try to directly access R2 resources, the access should be blocked directly by a 403 response at the firewall level (not by the application).

I know it is possible to set up the Referer detection mechanism in the WAF - however, this does not seem to be an efficient way.

This is originally easy to achieve on AWS through VPC Network, but I wonder if Cloudflare can do something similar?

Thanks.

WalshyMVP · September 10, 2023, 12:10pm

R2 - don’t enable public buckets and they’ll only be available through the binding
Workers - Disable workers.dev and don’t add any route/domain. Then it can only be accessed through the binding

system · September 13, 2023, 12:10pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.