by tgsovlerkhgsel 2657 days ago
Just a note, unless you're also validating the Host: header (and possibly even then), Authenticated Origin Pull can be bypassed if someone does find the right server:

https://medium.com/@ss23/leveraging-cloudflares-authenticate...

(Could have been fixed in the past couple months, but I doubt it.)

Same for Access, by the way.
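Defender-side illustration of the point made in this comment (an added example, not from the thread, the linked article, or Cloudflare's own documentation): the client certificate only proves a connection arrived via Cloudflare's edge, so the origin must also tie each request to its own hostnames. Certificate paths, hostnames and the backend address are assumptions.

```nginx
# Added example: an nginx origin that (a) requires the Cloudflare
# origin-pull client certificate and (b) refuses any request whose
# Host header is not one of this zone's hostnames.
# All file paths, hostnames and the backend address are assumptions.

# Catch-all: a TLS connection whose SNI/Host matches no named server
# below lands here and is closed without a response (444).
server {
    listen 443 ssl default_server;
    server_name _;

    ssl_certificate     /etc/nginx/certs/origin.pem;      # assumption
    ssl_certificate_key /etc/nginx/certs/origin-key.pem;  # assumption

    # Require the client cert here too, so probes without it fail the
    # handshake instead of reaching the 444.
    ssl_client_certificate /etc/nginx/certs/cloudflare-origin-pull-ca.pem;  # assumption
    ssl_verify_client on;

    return 444;
}

server {
    listen 443 ssl;
    server_name example.com www.example.com;  # assumption: this zone's hostnames

    ssl_certificate     /etc/nginx/certs/origin.pem;
    ssl_certificate_key /etc/nginx/certs/origin-key.pem;

    # Authenticated Origin Pull: only connections presenting a client
    # certificate chained to the origin-pull CA are accepted.
    ssl_client_certificate /etc/nginx/certs/cloudflare-origin-pull-ca.pem;
    ssl_verify_client on;

    # server_name already selected this block; the explicit check keeps
    # the Host requirement visible and survives a removed default_server.
    if ($host !~* ^(example\.com|www\.example\.com)$) {
        return 444;
    }

    location / {
        proxy_pass http://127.0.0.1:8080;  # assumption: application backend
        proxy_set_header Host $host;
    }
}
```

The two controls are independent: the certificate check rejects connections that did not come through Cloudflare, and the Host check rejects connections that did but were not meant for this zone.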

Sometime in 2Q you'll be able to upload your own client certificate (issued under your own CA if you like) to be used with Authenticated Origin Pulls.
Note: This user is a (the?) Director of Product at Cloudflare.
You can also use Argo Tunnel to create a secure tunnel between your origin and Cloudflare.