I'm not sure I understand all of the nuances here (I'm no webmaster), but this is covered in the documentation you linked:
> You must configure page rules to allow Cloudflare to fetch only your Backblaze B2 bucket from your domain. ... Otherwise, someone could use your domain to fetch content from another customer's public bucket. To ensure this does not happen, Cloudflare lets you use page rules to scope requests to your bucket.
The example shows leaving your bucket name in the url as a way to filter out requests to other bucket names. If you want your static site to have http://mysite.com/bucketname/index.html then I guess that's ok. But again, careful configuration and still not for every situation.
I'm sure you can layer more rules to get it exactly right but I'd not be eager to layer on complex configuration through multiple service providers when it is avoidable, unless there is some very compelling overriding reason.
As far as I know, bucket names must be unique at other providers like AWS as well. [0]
I'm no expert but to try and protect my own domain, I use a transform rule to match a subdomain and append "/file/$MY_BUCKET_NAME" to each request. This should return a 404 for anybody who tries to inject their own bucket in the path. I could be wrong of course.
Bolting a Cloudfront distribution onto a S3 bucket is pretty well-trod territory, though, and doesn't have these sharp edges. (Has a couple other ones, but they're less common.)
Does the solution involve using Cloudflare workers? Because, as I said, I'm sure it is possible but maybe we've gone off the deep end a bit. Just how crazy of a configuration do you want just to serve files from an object store?
This looks like an awful lot of setup for "easily solved". Easily solved is what S3 does where this isn't even a problem.
> You must configure page rules to allow Cloudflare to fetch only your Backblaze B2 bucket from your domain. ... Otherwise, someone could use your domain to fetch content from another customer's public bucket. To ensure this does not happen, Cloudflare lets you use page rules to scope requests to your bucket.