You can use a combination of Tunnel and Access to lock down an internal application without the use of a VPN.
Now you can start a tunnel on the web server to expose the application through the internet behind Cloudflare. The Access policy you created in the previous step will require any visitors to authenticate before they reach the application. Because the server is running behind Tunnel and all ports are closed on your server, you are guaranteed that any visitors to the application have passed through Cloudflare and authenticated with Access.
Lastly, if your application runs legacy programs, you can block common exploits by turning on the Web Application Firewall in the Firewall tab of the Cloudflare dashboard.
While you are developing applications it can be useful to share a link with collaborators or for testing on other screens and devices.
To do this, download the Mac, Linux or Windows version of Tunnel and start a tunnel from your laptop pointed at the local address of your development environment.
When developing an application that uses webhooks (such as building an app for Github, Slack or Stripe) you can use Tunnel to run a webhook endpoint from your local environment. Once you run Tunnel on your computer, Tunnel will expose a public URL that you can set as your webhook endpoint. Tunnel will forward all requests to that endpoint to your local development environment.