Skip to content

GatewayProxyEndpoint

Source: src/Cloudflare/Gateway/ProxyEndpoint.ts

A Cloudflare Zero Trust Gateway proxy endpoint — an agentless HTTP proxy for forwarding traffic to Gateway without installing the WARP client, typically wired up via a PAC file pointing at the endpoint’s server-assigned subdomain.

ip-kind endpoints admit traffic from a source-CIDR allowlist and require an Enterprise plan (Cloudflare error code 2009 otherwise); identity-kind endpoints authenticate individual users and work on all Zero Trust plans. The kind is immutable; name and ips converge in place. Accounts are limited to a small number of proxy endpoints, so prefer reusing one per account.

Creating a Proxy Endpoint

Section titled “Creating a Proxy Endpoint”

Identity-based endpoint (all plans)

const proxy = yield* Cloudflare.GatewayProxyEndpoint("UserProxy", {
  kind: "identity",
});
// PAC file target:
const host = `${proxy.subdomain}.proxy.cloudflare-gateway.com`;

IP allowlist endpoint (Enterprise)

const proxy = yield* Cloudflare.GatewayProxyEndpoint("OfficeProxy", {
  kind: "ip",
  ips: ["203.0.113.1/32"],
});