Cloudflare Docs
Aegis
Cloudflare Docs
Aegis
Edit this page
Report an issue with this page
Log into the Cloudflare dashboard
Set theme to dark (⇧+D)
  1. Products
  2. Aegis
  3. Configuration options
  4. Access and CNI

Use Aegis with Access and CNI

You can use Aegis combined with Cloudflare Network Interconnect (CNI) to secure your applications with Cloudflare Access without installing software or customizing code on your server.

While Access allows you to enforce policies at the hostname level, other solutions are usually necessary to protect against origin IP bypass — when an attacker knows your origin server IP and uses it to directly interact with the target application.

With Aegis IPs, you only allow a small number of IPs (that are not publicly listed) through your network firewall. And with Cloudflare Network Interconnect, you can use a completely private path between Cloudflare and your application server, without exposure to the public Internet.

Aegis IPs are included within BGP advertisement over CNI.

For details and background, refer to the Cloudflare blog.