· John Dummy  · 1 min read

Cloudflare Access Authentication

Setting up Zero Trust hierarchical access control for your blog content.

Cloudflare Access provides Zero Trust authentication for your blog, allowing you to protect content based on hierarchical access levels (public, friends, family, private) without managing a complex user database.

Architecture

The blog uses a path-based security model:

  • /public/* → No authentication required (Public Bypass).
  • /friends/* → Requires authentication (Friends Email List).
  • /family/* → Requires authentication (Family Email List).
  • /private/* → Requires authentication (Restricted to Owner).

Prerequisites

  1. Cloudflare account with an active website (Zone).
  2. Domain already configured on Cloudflare.
  3. Wrangler CLI installed.
  4. Cloudflare API token with the following permissions:
    • Account > Access: Organizations and Groups > Edit
    • Account > Access: Apps and Policies > Edit

Automated Setup

We provide a script to automatically sync your access-list.yaml to Cloudflare Access Policies.

# 1. Configure environment variables
export CF_API_TOKEN="your-token"
export CF_ACCOUNT_ID="your-account-id"
export DOMAIN="your-blog.com"

# 2. Run the sync script
./infra/cloudflare-access.sh

Testing with Gmail Aliases

You can test multiple access levels using a single Gmail account via aliases:

All aliases deliver to the same inbox, but Cloudflare treats them as distinct identities, allowing you to verify that policies are working as expected.
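
The path rules from the Architecture section, modelled locally so you can work out the allow/deny result to expect for each alias before signing in. This is an added example, not the blog's sync script or Cloudflare's code. The alias addresses, the list contents, the case-insensitive comparison and the "no-rule" result for uncovered paths are assumptions made for illustration.

```python
from posixpath import normpath

# Path prefix -> access level, as listed in the Architecture section.
PREFIX_LEVELS = (
    ("/public/", "public"),
    ("/friends/", "friends"),
    ("/family/", "family"),
    ("/private/", "private"),
)

# Constructed sample lists (assumption): stand-ins for the entries in access-list.yaml.
ACCESS_LIST = {
    "friends": {"you+friends@gmail.com", "you+family@gmail.com", "you@gmail.com"},
    "family": {"you+family@gmail.com", "you@gmail.com"},
    "private": {"you@gmail.com"},
}


def level_for(path):
    """Return the access level guarding `path`, or None if no prefix matches."""
    # Collapse "." and ".." first, so /public/../private/x is judged as /private/x.
    clean = normpath("/" + path.lstrip("/")) + "/"
    for prefix, level in PREFIX_LEVELS:
        if clean.startswith(prefix):
            return level
    return None


def expected(email, path):
    """Expected result for `email` (None = not signed in) requesting `path`."""
    level = level_for(path)
    if level is None:
        return "no-rule"  # outside the four prefixes: the page defines no policy
    if level == "public":
        return "allow"    # bypass, no identity needed
    # Whole-address match: each alias is its own identity, never its base inbox.
    ok = email is not None and email.lower() in ACCESS_LIST[level]
    return "allow" if ok else "deny"


def matrix(emails, paths):
    """Expected result for every (email, path) pair."""
    return {(e, p): expected(e, p) for e in emails for p in paths}


if __name__ == "__main__":
    aliases = ["you+friends@gmail.com", "you+family@gmail.com", "you@gmail.com"]
    pages = ["/public/a", "/friends/a", "/family/a", "/private/a"]
    for (who, where), result in matrix(aliases, pages).items():
        print(f"{who:24} {where:12} {result}")
```

Any alias that gets through to a path where this matrix says "deny" points to a policy that is broader than the list it was synced from.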
