Is zero trust service authentication the correct way to protect a heavy usage API so it can only be

Is zero trust service authentication the correct way to protect a heavy usage API so it can only be hit by webapps (likely hosted on pages)?

AAA Is zero trust service authentication the correct way to protect a heavy usage AP...

Hello, I’m Allie!•10/14/23, 5:12 PM

Not if you want it to be usable by just anybody.

Hello, I’m Allie!•10/14/23, 5:13 PM

As in, Zero Trust is if you have a small group of people you wish to give access

HHello, I’m Allie!Not if you want it to be usable by just anybody.

AAOP•10/14/23, 5:14 PM

Hmm. In This scenario only the web servers would be accessing it directly. The end user wouldn't have individual credentials

AAOP•10/14/23, 5:15 PM

Coincidentally trying to protect ory so that we can. Create/make/validate credentials for end users

AAA Hmm. In This scenario only the web servers would be accessing it directly. The e...

Hello, I’m Allie!•10/14/23, 5:16 PM

Oh, then you can just add a WAF rule that blocks anything not coming from a "worker" on your zone, which afaik counts Functions too.

HHello, I’m Allie!Oh, then you can just add a WAF rule that blocks anything not coming from a "wor...

AAOP•10/14/23, 5:18 PM

Ah. So would block anything hosted on pages or functions.. but not a site hosted on netlifty?

AAOP•10/14/23, 5:18 PM

Checking the WAF for this now...

trevi•10/14/23, 5:28 PM

can anyone help? (#pages github action not working)

HHello, I’m Allie!Oh, then you can just add a WAF rule that blocks anything not coming from a "wor...

Erisa•10/14/23, 5:37 PM

It does count functions but the worker zone will be the project.pages.devproject.pages.dev domain

IdkWhatever69•10/14/23, 6:48 PM

does Pages backend support dom?

IIdkWhatever69 does Pages backend support dom?

Hello, I’m Allie!•10/14/23, 6:59 PM

It does not, at least not without using some kind of dependency

mightyendeavor•10/14/23, 7:21 PM

is there any documentation on the waf ruleset precedence and time it takes to deploy?

HHello, I’m Allie!It does not, at least not without using some kind of dependency

IdkWhatever69•10/14/23, 7:29 PM

i realy need canvas, what dependency do i need?

Mmightyendeavor is there any documentation on the waf ruleset precedence and time it takes to de...

Cyb3r-Jak3•10/14/23, 8:10 PM

It really shouldn’t take long to deploy. Maybe a minute at most

Only1-Mztea•10/14/23, 10:58 PM

¯\_(ツ)_/¯

mightyendeavor•10/15/23, 12:59 AM

Is there any documentation on best practices for waf rules that repeatedly cause issue. I’d prefer not to disable the rules that are apart of the managed ruleset but it’s affecting our end users.

Mmightyendeavor Is there any documentation on best practices for waf rules that repeatedly cause...

Cyb3r-Jak3•10/15/23, 1:46 AM

You can check the WAF logs to see what rules are causing blocks or other issues and disable those rules

mightyendeavor•10/15/23, 1:55 AM

We’ve kept a pretty tight rulset as is, it will probably come down to having a few skip rules and some sort of unique marker we will end up deploying

Hammer•10/15/23, 2:25 PM

is cloudflare dns down?

Hammer•10/15/23, 2:25 PM

or just the nearby colocation center

Hammer•10/15/23, 2:25 PM

neither 1.1.1.1 or 1.0.0.1 works

Hammer•10/15/23, 2:26 PM

now it works

Original message was deleted

zegevlier•10/15/23, 2:29 PM

?support

Flare•10/15/23, 2:29 PM

To contact Cloudflare Support about an issue, please visit the Support Portal and fill in the form on the portal.

For more information on the methods by which you can contact Support for your plan level, see Contacting Cloudflare Support - Cloudflare Docs

zegevlier•10/15/23, 2:29 PM

We can't help with account related issues here