Gateway, Cloudflare Mesh, Workers VPC - Filter Workers' public Internet traffic using Gateway policies
29d ago
Source: Cloudflare (cloudflare.com)

Workers using a VPC Network binding with network_id: "cf1:network" now egress to public Internet destinations through Cloudflare Gateway. This means your existing Zero Trust traffic policies — DNS, HTTP, Network, and egress — extend to traffic that originates from your Workers, the same way they do for WARP users today.

[Diagram: Worker (calls env.EGRESS.fetch()) → VPC binding → Cloudflare Mesh (bind via cf1:network) → Cloudflare Gateway (policies applied: DNS, HTTP, Network) → Public Internet (any public hostname or IP); Cloudflare Gateway → Gateway logs (DNS, HTTP, Network)]

What you get by default:

- Visibility. Worker egress shows up in Gateway DNS, HTTP, and Network logs alongside your other traffic, so you can audit what your Workers are calling and when.
- Enforcement. Any existing Gateway policy whose selectors match a Worker request will apply — including allow / block lists, DNS category filtering, and HTTP destination rules. If you have already blocked a category for your workforce, your Workers inherit that block.

wrangler.jsonc

```jsonc
{
  "vpc_networks": [
    {
      "binding": "EGRESS",
      "network_id": "cf1:network",
      "remote": true,
    },
  ],
}
```

wrangler.toml

```toml
[[vpc_networks]]
binding = "EGRESS"
network_id = "cf1:network"
remote = true
```

JavaScript / TypeScript

```js
// Egress to a public destination — subject to your Gateway policies and logged
const response = await env.EGRESS.fetch("https://<public-hostname>/");
```

For configuration options, refer to VPC Networks. For policy authoring, refer to Cloudflare Gateway traffic policies.
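An added example, not Cloudflare's code: a small wrapper that sends a Worker's public egress only through the EGRESS binding from the configuration, fails closed when the binding is absent, and emits a local audit record that can be lined up with Gateway logs. The helper names, the record shape, the `(url, init)` call signature and the stub binding are assumptions; the page does not say how a Gateway block surfaces to the Worker, so both a returned status and a thrown error are handled.

```javascript
// Added example: EGRESS is the binding name from the config above; the helper
// names and the audit record shape are hypothetical.

// Wrap the VPC binding so all public egress takes the Gateway-filtered path.
function makeGatewayEgress(env, audit = console.log) {
  if (!env || !env.EGRESS || typeof env.EGRESS.fetch !== "function") {
    // Fail closed: without the binding there is no filtered path to use.
    throw new Error("EGRESS binding missing; refusing to egress");
  }
  return async function egressFetch(input, init) {
    const url = new URL(input); // throws on relative or malformed URLs
    if (url.protocol !== "https:" && url.protocol !== "http:") {
      throw new Error(`unsupported scheme: ${url.protocol}`);
    }
    // Record host and method only; paths and query strings can carry secrets.
    const record = {
      ts: new Date().toISOString(),
      host: url.hostname,
      method: (init && init.method) || "GET",
    };
    try {
      // Assumption: the binding accepts (url, init) like the global fetch().
      const res = await env.EGRESS.fetch(url.toString(), init);
      audit({ ...record, outcome: "response", status: res.status });
      return res;
    } catch (err) {
      // Assumption: a blocked or failed request may surface as a thrown error.
      // Rethrow; retrying with the global fetch() would leave the binding path.
      audit({ ...record, outcome: "error", error: String(err && err.message) });
      throw err;
    }
  };
}

// Constructed stand-in for the binding so the example runs outside Workers.
function makeStubBinding(blockedHosts) {
  return {
    async fetch(url) {
      if (blockedHosts.includes(new URL(url).hostname)) {
        throw new Error("blocked (stub)");
      }
      return { status: 200 }; // minimal Response-like object
    },
  };
}
```

In a Worker, build the wrapper once per request with `makeGatewayEgress(env)` and pass the audit records to whatever log sink the Worker already uses.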

