Skip to content
Cloudflare Docs
DirectoryAPISDKsChangelog

Add routes

A route maps an IP address or hostname to a Cloudflare One connector installed on your private network. When a user connects to that IP or hostname through Cloudflare's network, Cloudflare will route their traffic down a secure tunnel to the corresponding resource in your private network.

The dashboard Routes page is the single place to view and manage the routes for all of your connectors — Cloudflare Tunnel, Cloudflare Mesh, Cloudflare WAN, and Magic Transit — in one table. When you create a route, you choose its type, which determines the connector it uses.

Add a CIDR route

CIDR routes define the IP network segments (such as 10.0.0.0/24) that are reachable via a Cloudflare Tunnel or a Cloudflare Mesh node.

To add a CIDR route:

  1. In the Cloudflare dashboard, go to Networking > Routes.

    Go to Routes

  2. From the Routes tab, select Create route, then choose Tunnel CIDR (for a cloudflared tunnel) or Mesh CIDR (for a Cloudflare Mesh node) as the route type.

  3. For the connector, select the Cloudflare Tunnel or Cloudflare Mesh node that connects your private network to Cloudflare.

  4. Enter the IP address or CIDR range that you wish to route through the connector (for example, 10.0.0.1 or 10.0.0.0/24). This can be a private or public IP.

  5. (Optional) Select a virtual network for this route. A virtual network is a private routing domain that provides routing isolation within your account. This step is only needed if the route's IP/CIDR range overlaps with another route in your account. If you do not select a virtual network, the route will be assigned to the default network.

  6. Select Create route.

Cloudflare will now route requests to your private network. However, the route does not automatically capture traffic from end users. To enable client-side connectivity, refer to the cloudflared or Cloudflare Mesh setup guides.

Add a hostname route

Hostname routes steer traffic for a public or private hostname down a Cloudflare Tunnel. This allows users to access internal resources using familiar URLs (such as wiki.internal.local) rather than IP addresses.

To add a hostname route:

  1. In the Cloudflare dashboard, go to Networking > Routes.

    Go to Routes

  2. From the Routes tab, select Create route, then choose Tunnel Hostname as the route type.

  3. For the connector, select the Cloudflare Tunnel that connects your private network to Cloudflare.

  4. In Hostname, enter the private or public hostname that represents your application (for example, wiki.internal.local or app.bank.com).

  5. Select Create route.

Cloudflare will now route requests to your private network. However, the route does not automatically capture traffic from end users. To enable client-side connectivity, refer to the private hostname or public hostname setup guides.

Add a published application route

Published application routes expose applications to the Internet via a domain that you have connected to Cloudflare. This allows users to access your applications without needing a VPN or specialized client software.

To add a published application route to an existing tunnel:

  1. In the Cloudflare dashboard, go to Networking > Tunnels, then select your tunnel.

    Go to Tunnels

  2. On the Routes tab, select Add route, then select Published application.

  3. Enter a subdomain and select a Domain from the drop-down menu. Specify any subdomain or path information.

  4. In Service URL, enter the protocol and address of your application (for example, http://localhost:8000). Refer to supported protocols for available options.

  5. Select Save.

Anyone on the Internet can now access the application at the specified hostname. To allow or block specific users, create an Access application.

Add a WAN route

WAN routes define the IP network segments (such as 10.0.0.0/24) that are reachable via a GRE or IPsec tunnel. To add a WAN route, refer to the WAN Connectors documentation.