Part 3: Secure browsing (SWG) · Lesson 2/2

CASB and DLP (when ready)

After ZTNA is stable, add controls for SaaS uploads/downloads and sensitive data.

Illustration from Cloudflare Reference Architecture (developers.cloudflare.com)

Step-by-step

  1. Once ZTNA is stable, enable CASB SaaS scanning (Shadow IT).
  2. Gateway HTTP policies: block PII uploads to unapproved SaaS.
  3. DLP profiles: credit card, national ID patterns.
  4. Pilot DLP in log-only mode before switching to block.
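
The steps above as a small simulation, added here as an illustration and not Cloudflare's or this course's own code: a card-number DLP check (pattern plus Luhn checksum) applied to uploads to unapproved SaaS hosts, run first in log-only mode and then in block mode. Host names, function names and the sample traffic are constructed assumptions.

```python
import re
from collections import Counter

# All names and hosts below are constructed for illustration.
APPROVED_SAAS = {"files.approved.example"}
CARD_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits):
    """Luhn checksum: filters out most random digit runs (order IDs, etc.)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_cards(body):
    """Return masked card-number matches; the full value is never returned."""
    hits = []
    for m in CARD_RE.finditer(body):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append("*" * (len(digits) - 4) + digits[-4:])
    return hits

def evaluate(host, method, body, mode="log"):
    """Decide one request: 'allow', 'log' (pilot) or 'block' (enforced)."""
    if method not in ("POST", "PUT") or host in APPROVED_SAAS:
        return "allow", []
    hits = find_cards(body)
    if not hits:
        return "allow", []
    return ("block" if mode == "block" else "log"), hits

def pilot_report(requests):
    """Log-only pilot: count per host what block mode would have stopped."""
    would_block = Counter()
    for host, method, body in requests:
        action, _ = evaluate(host, method, body, mode="log")
        if action == "log":
            would_block[host] += 1
    return dict(would_block)

SAMPLE = [  # constructed traffic
    ("paste.unapproved.example", "POST", "card: 4111 1111 1111 1111"),
    ("paste.unapproved.example", "POST", "order id 4111111111111112"),
    ("files.approved.example", "PUT", "4111-1111-1111-1111"),
    ("paste.unapproved.example", "GET", ""),
]
```

Reviewing the output of `pilot_report(SAMPLE)` before setting `mode="block"` is the log-only pilot from step 4: it shows which hosts and how many requests enforcement would affect.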

Detailed explanation

CASB and DLP are the next layer; don't enable them at the same time as the ZTNA pilot, to avoid overwhelming support.

Note (best practices)

HTTP inspection (CASB/DLP) requires installing the root certificate and enabling TLS decryption; create Do Not Inspect policies for apps that use certificate pinning. Configure DLP profiles after HTTPS inspection is ready.

Source: Gateway traffic policies — Get started

Deployment examples (Cloudflare Resources)

Tutorials, solution guides, and reference docs from developers.cloudflare.com/resources, matched to this lesson topic.


Cloudflare Developer docs

Architecture diagrams (Cloudflare Docs)

Figure 1: Securing data from the user device, all the way to the website/API

Securing data in transit

Protect data in transit with Gateway/DLP: inspect TLS traffic before it reaches SaaS or the Internet. Data in transit is often considered vulnerable to interception or tampering during transmission. Data Loss Prevention (DLP) technologies can be used to inspect the contents of network traffic and block sensitive data from going to a risky destination.

Concepts: Gateway · DLP · TLS · CASB · Inline inspection


Figure 1: Overall solution of user access controls to, and the discovery of, sensitive data.

Securing data at rest

Learn how Cloudflare's API-driven Cloud Access Security Broker (CASB) works and secures data at rest.

Concepts: CASB · SaaS API · Data at rest · DLP


Related products