You can now configure file transfer controls for browser-based RDP with Cloudflare Access, allowing you to restrict whether users can upload or download files between their local machine and the remote Windows server.
This feature is useful for organizations that support bring-your-own-device (BYOD) policies or third-party contractors using unmanaged devices. By restricting file transfers, you can prevent sensitive data from being moved out of the remote session to a user’s personal device.
Configuration options
File transfer controls are configured per policy within your Access application, alongside existing text clipboard controls. For each policy, you can select one of the following options:
- Client to remote RDP session allowed — Users can upload files from their local machine into the browser-based RDP session.
- Remote RDP session to client allowed — Users can download files from the browser-based RDP session to their local machine.
- Both directions allowed — Users can upload and download files between their local machine and the browser-based RDP session.
- Disable copying/pasting — Users are not allowed to transfer files between their local machine and the browser-based RDP session.
By default, file transfer is denied for new policies. For existing Access applications created before this feature was available, file transfer remains denied.
How it works
To upload, drag files into the browser window or select the settings gear icon on the left side of the RDP session. To download, copy a file in the remote session and select the settings gear to download it, download multiple files as a zip, or print PDFs to a local printer.
This feature is in beta and available on all Zero Trust plans. For more information, refer to File transfer for browser-based RDP.
Source: Cloudflare





