Browser Based RDP Access via Cloudflare to Windows

Posted on December 16, 2025  •  3 minutes  • 480 words

Cloudflare

Cloudflare is a global content delivery network and website security service provider. Cloudflare is probably known by their WAF or CAPTCHA tools by many people. Eventhough, their solution ecosystem seems focused on web sites, they also provide Software Defined Wide Area Network (SD-WAN) and other infrastructure solutions and capabilities. In that guide, I’ll explain how to access a Windows Server or Windows 10/11 devices over the internet via browser based Remote Desktop Protocol with Cloudflare Tunnel.

Infographic Credits: Notebook LM

There is also an official Cloudflare documentation about that topic in here.

Requirements:

• Cloudflare Account (Free subscription is also applicable.)
• Personal domain managed in Cloudflare. (e.g. sercanazizoglu.com)

Connection Steps:

1. In the target device, login to Cloudflare’s Zero Trust portal.

2. Using Cloudflared to create a tunnel as instructed.

After creating the tunnel in powershell, in the Cloudflare page, it should start to show the connector and its status.

In route tunnel section, choose CIDR and give an address block of the device’s current private IP could be defined.

After the configurations, new tunnel should be seen in “Connectors” page, under the “Your Cloudflare Tunnels” section.

3. Create a new target under Access Controls section. While creating the target, write the device’s private IPv4 address that is within the created IP block as CIDR.

4. A new subdomain, DNS record for the personal domain within the Cloudflare is required: e.g. access.sercanazizoglu.com etc.

5. Create an application under Access Controls section and configure:

In that section, the subdomain that created should be written under the public hostname section. After that in Browser rendering part, RDP should be selected. In targer criteria, target hostnames should be selected. Port should also be configured as 3389.

In policies related access controls can be configured. e.g. accessing only via sending OTP to only a certain email address.

In Experiences settings application can be configred as “show in app launcher” for easy access.

Rest of them is optional settings.

6. Visit the accountname.cloudflareaccess.com to login App Launcher with related access policy.

After logging in, the applications will be listed. Click the target device.

7. Enter the local account credentials to access to the device

It does provide enough capabilities to control remote device.

Last but not least, there could be network or security configuration related issues that prevent accessing. In that case, it’s better to check related logs and consult to an LLM to find the root cause.

Conclusion

I think Cloudflare’s browser based RDP which was launched as beta on March 2025 is a really good option to decommission VPN services for third party access to internal networks, especially for server or device management. Even if you want to access and manage your devices that runs in different physical locations, that could be a useful and free solution.

For small and medium enterprises with budget contrains, that kind of tools could be free alternatives to give remote access for their infrastructure.