A fast Traefik forward-auth server for validating Cloudflare Access requests
Kani (カニ) (Pronunciation) means Crab in Japanese. I'm not entirely sure what I decided to use this name, but here we are. Kani is designed to be a Traefik ForwardAuth server for validating Cloudflare Access requests.
When a request is proxied through Cloudflare Access, a signed JWT token will be sent to the backend (Traefik in this case) as an HTTP header. Since the JWT token is signed, we can get the public keys from Cloudflare Access to validate that it was indeed issued by Cloudflare Access.
We recommend using Kani when using Cloudflare Access to protect websites. Kani allows Traefik to validate that requests actually went through Cloudflare Access, preventing users from accessing the page without going through Cloudflare Access.
See examples in examples/.
If you would like to contribute to this project, please see CONTRIBUTING.md.
If you want to contact the Kani Project maintainers, please use one of the following methods:
- Discord server (Ask questions here please - best response time)
- Email
[email protected] - Email
[email protected] - Email
[email protected](security-related matters only)
Kani is distributed under the terms of the MIT License.
For further details, please refer to the LICENSE file.
We are extremely grateful to the amazing individuals who have contributed to this project, as well as those who have supported us by providing valuable feedback and donations.
We would also like to thank all the individuals and companies who have supported us in sustaining this project. We are grateful for their valuable contributions that have enabled us to continue to improve Kani.
Please note that the individuals and companies listed under the "Supporters" section are independent of this project, and their inclusion should not be interpreted as an endorsement or affiliation.
We don't currently have any supporters for this project :(
If you would like to sponsor this project, please contact us!
