How to Restrict Access to a Website or R2 Bucket With Cloudflare Zero Trust

Websites & Domains • Ryder Cragie • 27th October 2023Article Short Link: Ryder.link/cloudflare/zero-trustVideo Short Link: Ryder.link/cloudflare/zero-trust/video

Introduction

If you have a website that is proxied through Cloudflare, or you have a Cloudflare R2 storage bucket connected to your domain, you may want to lock it down so only authorised users can access the contents of the website or R2 bucket. This article will explain and walk you through exactly how to do that.

R2

Skip this section if you are not locking down an R2 bucket, if you are already familiar with R2 or if you have a bucket already.

Creating An R2 Bucket If You Don't Already Have One

If you don't already have an R2 bucket and would like to create one to host files across the internet and lock it down, follow the below steps.

Website

Skip this section if you are not locking down a website, or if you are and your website is already proxied.

Ensuring Your Website Is Proxied

To lock down a website you need to ensure that your website is proxied through Cloudflare's servers. You can learn more about the Cloudflare proxy and what it does here.

Creating The Access Application And Policy In Zero Trust

You now need to create an access policy for this R2 domain/subdomain using Cloudflare Zero Trust so that access can be restricted. Here is the process for how to do that. The process is the same regardless of whether you are locking down an R2 bucket or a website.

Optional: You can specify a file path that you'd like to block and leave everything else unblocked. If you want to specify more than one subdomain, domain, and/or file path, click "Add domain" to add another row so you can add more criteria.

Optional: If you want users to be prompted to provide a reason for accessing the resource, scroll down and enable "Purpose justification" under "Additional settings".

Testing The Policy

Conclusion

Congratulations! You've created a secure and locked down website or R2 bucket using Cloudflare Zero Trust. If you have any issues, feel free to join the Cloudflare Discord server to discuss any problems or questions!