Cloudflare Access for MODX CMS.
What does it do?
Lock specific Resources, Contexts, or entire MODX sites behind Cloudflare Access. More specifically, this Extra validates the JWT token sent with the Cloudflare Authoriztion cookie, and optionally assigns a MODX User to the session if a match is found.
Once you've secured your web server and set up Cloudflare Access, this Extra provides "extra" functionality that isn't required but supports the following use cases.
You want the extra layer of security that comes with validating the JWT sent by Cloudflare's proxies. You can do it on every web page initialization with the Plugin, or only specific Resources with the Snippet.
You want access to the decoded JWT, which includes the user's email.
You want to match the user's email to a MODX User to display personalized content, collect information, or any of the other things you could do in MODX with a User.
- You want to apply more granular permissions, which MODX supports out of the box, like Resource Groups, Context permissions, etc.
CFAccess does not call
addSessionContext, do anything with sessions, nor set any cookies. Rather, it assigns the
$modx->user object for the current request. The JWT is validated on every request, for which the Plugin or Snippet is configured to execute.
Both the Snippet and Plugin execute in front-end Contexts. CFAccess does not support logging Users in to the
CFAccess does not create MODX Users. If you need more advanced user management with a single sign-on solution, check out Auth0 for MODX.
New in CFAccess 0.11.1-beta1
Cleanup. Debug mode. More docs. Beta release. See: https://sepiariver.com/modx/protect-your-web-server-with-cloudflare-access/