The Gateway Authorization Proxy and PAC file hosting are now in open beta for all plan types.
Previously, proxy endpoints relied on static source IP addresses to authorize traffic, providing no user-level identity in logs or policies. The new authorization proxy replaces IP-based authorization with Cloudflare Access authentication, verifying who a user is before applying Gateway filtering without installing the WARP client.
This is ideal for environments where you cannot deploy a device client, such as virtual desktops (VDI), mergers and acquisitions, or compliance-restricted endpoints.
Key capabilities
- Identity-aware proxy traffic — Users authenticate through your identity provider (Okta, Microsoft Entra ID, Google Workspace, and others) via Cloudflare Access. Logs now show exactly which user accessed which site, and you can write identity-based policies like “only the Finance team can access this accounting tool.”
- Multiple identity providers — Display one or multiple login methods simultaneously, giving flexibility for organizations managing users across different identity systems.
- Cloudflare-hosted PAC files — Create and host PAC files directly in Cloudflare One with pre-configured templates for Okta and Azure, hosted at
https://pac.cloudflare-gateway.com/<account-id>/<slug>on Cloudflare’s global network. - Simplified billing — Each user occupies a seat, exactly like they do with the Cloudflare One Client. No new metrics to track.
Get started
- In Cloudflare One, go to Networks > Resolvers & Proxies > Proxy endpoints.
- Create an authorization proxy endpoint and configure Access policies.
- Create a hosted PAC file or write your own.
- Configure browsers to use the PAC file URL.
- Install the Cloudflare certificate for HTTPS inspection.
For more details, refer to the proxy endpoints documentation and the announcement blog post.
Source: Cloudflare
Latest Posts
- (Updated) Retirement of -Credential parameter when connecting to Exchange Online PowerShell [MC1248389]
- Amazon Timestream for InfluxDB is now available in the Mexico (Central), Japan (Osaka), and Brazil (Sao Paulo) AWS regions
- Power Platform – Information regarding the end of support for Global Discovery Service (GDS) API [MC1253577]
- Workers – Declare required secrets in your Wrangler configuration
![Dynamics 365 Customer Insights- Data – Select appropriate field values from a list when working with segments conditions [MC1218646]](https://mwpro.co.uk/wp-content/uploads/2025/06/puppet-1636124_1920-96x96.webp "Dynamics 365 Customer Insights- Data - Select appropriate field values from a list when working with segments conditions [MC1218646] 7")