Skip to content

Commit 4fc5ba4

Browse files
nikitacanonikitacano
authored
Changelog: Tunnel hostname routing is available to all Cloudflare One users in open beta (#25271)
1 parent 1507956 commit 4fc5ba4

File tree

2 files changed

+23
-0
lines changed

2 files changed

+23
-0
lines changed

src/assets/images/changelog/cloudflare-one/tunnel-hostname-routing.webp

29 KB
Loading

src/content/changelog/cloudflare-tunnel/2025-09-18-tunnel-hostname-routing.mdx

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,23 @@
1+
---
2+
title: Connect and secure any private or public app by hostname, not IP — with hostname routing for Cloudflare Tunnel
3+
description: Create Tunnel routes based on hostnames or domains — not just IPs — to simplify Zero Trust and egress policies.
4+
date: 2025-09-18
5+
---
6+
7+
import { Render } from "~/components";
8+
9+
You can now route private traffic to [Cloudflare Tunnel](/cloudflare-one/connections/connect-networks/) based on a hostname or domain, moving beyond the limitations of IP-based routing. This new capability is **free for all Cloudflare One customers**.
10+
11+
Previously, Tunnel routes could only be defined by IP address or [CIDR range](/cloudflare-one/connections/connect-networks/private-net/cloudflared/connect-cidr/). This created a challenge for modern applications with dynamic or ephemeral IP addresses, often forcing administrators to maintain complex and brittle IP lists.
12+
13+
![Hostname-based routing in Cloudflare Tunnel](~/assets/images/changelog/cloudflare-one/tunnel-hostname-routing.webp)
14+
15+
**What’s new:**
16+
- **Hostname & Domain Routing**: Create routes for individual hostnames (e.g., `payroll.acme.local`) or entire domains (e.g., `*.acme.local`) and direct their traffic to a specific Tunnel.
17+
- **Simplified Zero Trust Policies**: Build resilient policies in Cloudflare Access and Gateway using stable hostnames, making it dramatically easier to apply per-resource authorization for your private applications.
18+
- **Precise Egress Control**: Route traffic for public hostnames (e.g., `bank.example.com`) through a specific Tunnel to enforce a dedicated source IP, solving the IP allowlist problem for third-party services.
19+
- **No More IP Lists**: This feature makes the workaround of maintaining dynamic IP Lists for Tunnel connections obsolete.
20+
21+
Get started in the Tunnels section of the Zero Trust dashboard with your first [private hostname](/cloudflare-one/connections/connect-networks/private-net/cloudflared/connect-private-hostname/) or [public hostname](/cloudflare-one/policies/gateway/egress-policies/egress-cloudflared/) route.
22+
23+
Learn more in our [blog post](https://blog.cloudflare.com/tunnel-hostname-routing/).

0 commit comments

Comments
 (0)