Cloudflare Tunnel & Access Tutorial
Today I am going to show you the basics of how to use the Cloudflare Access to protect a WordPress post with a one-time access token. Cloudflare will automatically email it to your users.
Look, right upfront I am going to tell you that I am in love with Cloudflare. Our ole relationship started when CF was in beta and every step has been a great experience. Her and I have had our disagreements but like a favorite pair of jeans, we have stuck together.
Seriously, you cannot beat Cloudflare’s free tier and free features like their free tier tunnel and access plan.
You ask: what is the Cloudflare free tunnel and access plan?
Cloudflare Tunnel is a tool that allows you to securely expose services running on your local machine to the internet.
Cloudflare Access is a way to control who can access your web applications and APIs. Together, they provide a secure and easy way to access your local services from anywhere.
I will be using a live page on this site (here). After you have followed the tutorial, I highly encourage you to explore and learn Cloudflare! A note of importance is you need to already be hosting your DNS with Cloudflare for this to work. Honestly, I cannot understand why everyone does not use CF.
Let’s get started. Again, you will need to have your domain already active on the Cloudflare platform. Signup (here + choose free) if you do not already have an account.
From this point on I assume you have an active CF account and an active domain.
Once logged into the Cloudflare dashboard, locate in left menu “Zero Trust” and go! You will then see a screen similar to this:
Referring to the above image, click on the “access / applications” tab and choose “self-hosted”. You will then see a screen similar to this:
Referring to the above image, you need to:
- Give the application a name and choose the session duration
- Choose your active domain from dropdown
- Add the path – example cloudflare-tunnel-login/
Referring to #3 above: In this example I am protecting https://terryjett.com/cloudflare-tunnel-login/
Leave the rest of settings as is for this tutorial. Click “Next”. You then arrive at screen similar to this:
Referring to the above image, you need to:
- Add your policy name
- Choose action from dropdown – in this case we are using “allow”
- We left the session same time as previous step
- We chose “emails ending in” for this tutorial.
- We added @gmail and @duck
Referring to #5 above: This means that ANY email address ending in @gmail.com or @duck.com can request an access token to login.
Click “Next”. We are now basically finished and can leave the CORS settings at default. I am not going to cover the CORS settings, but I encourage you to explore all the help links provided in each step.
Now it is time to test what we did above. You will need to use a @gmail or @duck email to access the protected page. Cloudflare will send an email IF you use the right domain addresses we set. The email will look like this:
Go ahead and try out this link if you have not already.
Some other great uses for Zero Trust Access are:
- Secure access to internal applications
- Grant access to third-party vendors
- Enforce security policies based on user behavior
It’s a great tool for maintaining security and control over your network. Some additional examples of how Cloudflare Zero Trust Access can be used include securing access to APIs, providing secure remote access to employees, and controlling access to sensitive data or resources. Really the uses are broad and I HIGHLY encourage you to explore the Cloudflare site.