Speed 🛡️ Security ☁️ Hosting 📖 Tutorials
Get PerfMatters
Cloudflare 2 min read

Cloudflare Zero Trust: Protect your Web Apps

Published by Manuel Campos on January 3, 2026 • Updated on January 3, 2026

I build WordPress sites locally using Podman, I convert the site into a static website using Python and GitHub pushes that to CloudFlare Pages.

If I want to work on one of my website once I leave the house, I can’t, because my Podman containers aren’t exposed to the public internet.

You can create a CloudFlare tunnel to solve that problem.

A Cloudflare Tunnel is a tool that allows you to safely expose a local server to the internet without having to open any ports on your home router.

Since you are exposing your local Dev site to the internet, you should secure.

It is fine to use password123 on a local environment but not when that site is publicly available.

You can create CloudFlare Firewall Rules to protect or use CloudFlare Zero Trust.

Zero Trust ensures that even if someone has your URL, they can’t see a single byte of your site until they prove exactly who they are.

Cloudflare Zero Trust

On your Cloudflare account, find protect & connect on the right-side menu.

Then click on Zero Trust

Then to access controls and then to applications

Then

  1. Add an application.
  2. Self-Hosted
  3. Give your Application a name
  4. Choose the session duration
  5. Add a public host name
  6. Choose defaults as Input Method
  7. Add a subdomain if you want to use that or add an asterisk.
  8. Choose the domain from the list
  9. Then create a policy
  10. For Login Methods, Accept all available identity providers
  11. I don’t change anything on the Application Appearance section.
  12. I don’t make any changes on the Advanced Settings section.

Zero Trust Policy

These are some instructions to create a good policy:

  1. Give your policy a name.
  2. Choose an action. I use allow
  3. Choose an option for session duration
  4. In the add rules section, you have lots of options to create the rules. I choose Emails.
  5. Then test your policy.

Final Thoughts

You can still apply a Cloudflare Firewall Rule as a second measure of protection.

For instance, you need to try to connect from a certain country, certain IP address or Internet Provider.

Manuel Campos

Manuel Campos

I'm a WordPress enthusiast. I document my journey and provide actionable insights to help you navigate the ever-evolving world of WordPress."

LinkedIn Twitter

Read Next

super cloudflare
Cloudflare

What does “Headless Chrome” mean?
Match - Known Bots
Cloudflare

How to Deal with Cloudflare Known Bots
super cloudflare
Cloudflare

Blocking and Challenging Empty User Agents

Support Honest Reviews

Help keep the reviews coming by using my recommended links.

Hosting Theme Optimization

May earn commission • No extra cost to you