Route public traffic to private applications with Cloudflare

For most of the Internet's history, public and private infrastructures operated separately, with public applications protected by CDNs and WAFs, and private applications shielded by VPNs and firewalls. However, as the need for modern security and performance features grows for private applications—such as internal APIs and AI agent backends—Cloudflare has launched Application Services for Private Origins to bridge this gap. This new service, currently in closed beta for Enterprise customers, enables secure routing of traffic to private origins without exposing them to the public Internet, thereby allowing Cloudflare's suite of security and performance services, like WAF rules and bot management, to be applied to private network applications. The service integrates with existing Cloudflare connectivity solutions such as Cloudflare Tunnel and Cloudflare One, offering a unified model for managing both public and private traffic through a single interface. This development allows private applications to benefit from features and protections traditionally reserved for public-facing applications, reducing complexity and operational overhead for organizations.