> For the complete documentation index, see [llms.txt](https://docs.ambersignals.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.ambersignals.com/tutorials/zero-trust-application-protection-for-cloudflare-tm.md).

# Zero Trust Application Protection for Cloudflare™

## Introduction

A [Zero Trust Application](https://developers.cloudflare.com/cloudflare-one/applications/) by Cloudflare is an web application that is **protected by Cloudflare Access**. This application can be self hosted or is a third party provider. The important part is that it is protected by your Cloudflare account and you configured it that only specific users can access it with your identity provider.

Let's say you have a website that only certain people in your organization can access and it is reachable via **secure.example.com**. The website itself is running on a server and access is only possible via Cloudflare servers and its DNS proxy servers.\
With Cloudflare Access you have configured a Identity Provider (e.g. Google) and configured an Application in Zero Trust Cloudflare Portal to limit access to certain people. This works perfectly and users who are not authenticated will be prompted with a login page from Cloudflare.

<figure><img src="https://blog.cloudflare.com/content/images/2023/03/Screenshot-2023-03-17-at-10.57.03.png" alt=""><figcaption><p>Example page from the <strong>Cloudflare Blog.</strong></p></figcaption></figure>

Now **the problem** **is**, how do you know that the Access Application is **not modified** or **removed** and **works as expected**? Unfortunately it is very easy to change the configuration in the Cloudflare without even knowing that the protection is removed. There is no easy visible option that will indicate this.

With Amber Signals we are going to **monitor the website** from outside of the Cloudflare network and **notify you when the protection was removed**. This is possible for us without having any access to your Cloudflare account and can be done as seen from a intruder that might want to access your sensitive information.

## Step 1

The website we want to monitor is **secure.example.com** and we just need to head over to the [dashboard](https://ambersignals.com/dashboard) and select "**Zero Trust Application**".

<figure><img src="/files/ngYQXfLPr8PM4mJutpnY" alt=""><figcaption></figcaption></figure>

The **description** should be something that you can identify this. The **address** is the URL where the website is reachable from.&#x20;

Once selected the notification channel you can save it with confirming on "**Add**". Now we will keep you informed when the protection from Cloudflare is removed.

Once we detect a change, we will keep informing you until you fix it. If you do not monitor this, sensitive information could be exposed.

Stay safe!


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.ambersignals.com/tutorials/zero-trust-application-protection-for-cloudflare-tm.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.