digitalpoint
Well-known member
Ya no doubt... but if someone has your credentials you are using for Cloudflare Zero Trust Network Access, you have much bigger problems to deal with, and a 2 second delay isn't going to help too much. It can be added to the zero trust authentication step though and anyway, there's always a way through any defence, no matter how hard, so I maintain that it can still be useful at the end server level.
One thing I would recommend is setting up your server firewall to only respond to Cloudflare IPs when traffic is coming in on port 80 or 443. At least then someone can't just bypass Cloudflare by hitting your server IPs directly. Kind of defeats the purpose of security if you can just sidestep it. Like I have a daily cron task that grabs Cloudflare IPs from here: https://www.cloudflare.com/ips-v4
...with that, it builds firewall rules so the firewall only allows traffic on port 80 or 443 from those blocks.
Then it's much more difficult for an attacker to bypass things... because they would also need to be originating inside Cloudflare's network.
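A sketch of the kind of cron job described in the post above, as an added example that is not the poster's own script: it validates the fetched list and refuses to emit rules if the download is empty or malformed. The chain name `CF-WEB`, the `/run/cf-web.rules` path and the sample CIDRs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. CHAIN is a hypothetical chain name; SAMPLE_LIST is constructed
# from RFC 5737 documentation ranges, not Cloudflare's published blocks.
CHAIN="CF-WEB"
SAMPLE_LIST='192.0.2.0/24
198.51.100.0/24
203.0.113.0/24'

# Succeeds only for a well-formed IPv4 CIDR (octets 0-255, prefix 0-32).
valid_cidr() {
    printf '%s\n' "$1" | awk -F'[./]' '
        !/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if ($5 > 32) exit 1 }'
}

# Reads one CIDR per line on stdin and prints an iptables-restore ruleset for
# CHAIN. Prints nothing and returns 1 if the list is empty or any entry is
# malformed, so a failed or tampered download never replaces the live rules.
build_rules() {
    rules="" count=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d '\r ')
        [ -z "$line" ] && continue
        valid_cidr "$line" || { echo "rejected: bad entry '$line'" >&2; return 1; }
        rules="${rules}-A $CHAIN -s $line -p tcp -m multiport --dports 80,443 -j ACCEPT
"
        count=$((count + 1))
    done
    [ "$count" -gt 0 ] || { echo "rejected: empty list" >&2; return 1; }
    printf '*filter\n:%s - [0:0]\n%s-A %s -p tcp -m multiport --dports 80,443 -j DROP\nCOMMIT\n' \
        "$CHAIN" "$rules" "$CHAIN"
}

# Dry run on the constructed list (prints the ruleset, changes nothing).
printf '%s\n' "$SAMPLE_LIST" | build_rules

# Cron usage (needs root; kept as comments so this file stays a dry run).
# /run/cf-web.rules is a hypothetical path.
#   curl -fsS https://www.cloudflare.com/ips-v4 | build_rules > /run/cf-web.rules \
#     && iptables-restore --noflush < /run/cf-web.rules
# One-time setup, send web traffic through the chain:
#   iptables -A INPUT -p tcp -m multiport --dports 80,443 -j CF-WEB
```

With `--noflush`, `iptables-restore` flushes only the chain declared in the input and reloads it in one commit, so other rules stay in place. If the origin is also reachable over IPv6, it needs equivalent rules there.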