Configure Zero Trust for Link Shortener

Link Shortener is easy to secure for you or your organization using Cloudflare Zero Trust.

Setup Tutorial

Navigate to the Applications settings of your Zero Trust account (opens in a new tab).

Click Add an Application and select Self Hosted from the list of application types.

Now select the zone (apex domain) you linked to your Link Shortener instance. (See getting started guide).

If you used a subdomain, enter it into the subdomain field.

Now for the path enter api/* and repeat for dashboard as shown below.

You can now continue through the application creation process and save the application.

A few notes about security

• This tool is not multitenant, meaning that anyone with access to the links api route can see (and delete) all links created by all users.
• It's convievable that public routes could be used to create a link that redirects to a malicious site. This is why it's important to use Zero Trust to secure your instance and to understand the risks of using public routes.
• The API is not rate limited, so it's possible to create a lot of links in a short amount of time. It would take a lot to bring down Cloudflare, but it's very possible that you could end up with an expensive bill.
• This tool really isn't designed to be Bitly clone or a open source SaaS, it's a personal or company link shortener. If you want to use it for something else, you're welcome to, but understand the the ideal use case is for a single user or a small to mid sized team. With Cloudflare Workers and Zero Trust you probably won't have to worry about performance or security problems, but you may encounter things that don't fit your organization's needs. As a freelancer, I am of course avaliable for customization or support (opens in a new tab) to help you get the most out of Link Shortener.