Add routes

A route maps an IP address or hostname to a Cloudflare One connector installed on your private network. When a user connects to that IP or hostname through Cloudflare's network, Cloudflare will route their traffic down a secure tunnel to the corresponding resource in your private network.

Add a CIDR route

CIDR routes define the IP network segments (such as 10.0.0.0/24) that are reachable via a Cloudflare Tunnel.

Prerequisites

Before you add a CIDR route, ensure you have created a Cloudflare Tunnel using cloudflared or WARP Connector.

To add a CIDR route:

1. In Cloudflare One ↗, go to Networks > Routes > CIDR.
2. Select Add CIDR route.
3. In CIDR, enter the IP address or CIDR range that you wish to route through the tunnel (for example, 10.0.0.1 or 10.0.0.0/24). This can be a private or public IP.
4. For Tunnel, select the Cloudflare Tunnel that is being used to connect your private network to Cloudflare.
5. (Optional) Under Additional settings, select a virtual network for this tunnel route. This step is only needed if the route's IP/CIDR range overlaps with another route in your account. If you do not select a virtual network, the IP route will be assigned to the default network.

   Note

   Virtual networks are only supported for cloudflared tunnels.

6. Select Create.

Cloudflare will now route requests to your private network. However, the route does not automatically capture traffic from end users. To enable client-side connectivity, refer to the cloudflared or WARP Connector setup guides.

Add a hostname route

Hostname routes steer traffic for a public or private hostname down a Cloudflare Tunnel. This allows users to access internal resources using familiar URLs (such as wiki.internal.local) rather than IP addresses.

Prerequisites

Before you add a hostname route, ensure you have created a Cloudflare Tunnel using cloudflared.

To add a hostname route:

1. In Cloudflare One ↗, go to Networks > Routes > Hostname routes.
2. Select Create hostname route.
3. In Hostname, enter the private or public hostname that represents your application (for example, wiki.internal.local or app.bank.com).
4. For Tunnel, select the Cloudflare Tunnel that is being used to connect your private network to Cloudflare.
5. Select Create.

Cloudflare will now route requests to your private network. However, the route does not automatically capture traffic from end users. To enable client-side connectivity, refer to the private hostname or public hostname setup guides.

Add a published application route

Published application routes expose applications to the Internet via a domain that you have connected to Cloudflare. This allows users to access your applications without needing a VPN or specialized client software.

Prerequisites

Before you publish an application, ensure you have:

• Created a Cloudflare Tunnel using cloudflared.
• Added a website to Cloudflare.

To add a published application route to an existing tunnel:

1. In Cloudflare One ↗, go to Networks > Tunnels.

2. Select your tunnel and select Edit.

3. Go to the Published application routes tab and select Add a published application route.

4. Enter a subdomain and select a Domain from the drop-down menu. Specify any subdomain or path information.

   Note

   If you add a multi-level subdomain (more than one level of subdomain), you must order an Advanced Certificate for the hostname.

5. Under Service, choose a service type and specify its URL. For example:

   • Type: HTTP
   • URL: localhost:8000

6. Under Additional application settings, specify any parameters you would like to add to your tunnel configuration.

7. Select Save.

Anyone on the Internet can now access the application at the specified hostname. To allow or block specific users, create an Access application.

Add a WAN route

WAN routes define the IP network segments (such as 10.0.0.0/24) that are reachable via a GRE or IPsec tunnel. To add a WAN route, refer to the WAN Connectors documentation.