403 when use bypass whitelisted IP policy

My website run through the public hostname of the tunnel.
I set 2 policies for Access: Allow Emails and Bypass IPs.
When I access it by non-allowlisted IP, it works normally when required a login page. After verifying the email, I can access my site.
But when I access it by allowlisted IP, it returns 403 Forbidden.

Same here

Been trying this for a few months now, cannot get it to work no matter what I try…

Perhaps if you provided the specifics of the policy that isn’t working? For example, are you sure you’re allowing the correct IP address?

Yeah, my bad. In the end it turned out to be a misconception on my side about how Zero Trust works. The term ‘Bypass’ is confusing and I couldn’t really find any examples on what the terms mean.

In my case I want certain external IPs (GitHub Webhooks + Home) to access my Application without having to authenticate at all. To do this you configure it this way:

Name: IP allowlist
Action: Service Auth
Session duration: Same as application session timeout
Include: IP ranges, <your IPs>

Your Tunnel needs to have the ‘Protect with Access’ option enabled in the ‘Public Hostname’ page as well.

There was another post on this forum that explained everything a bit better, but I wasn’t able to find it again, so hopefully this will help someone who encounters the same issue.

(Funnily enough as I’m writing this I test again and I am able to access my application from a non-allowlisted IP as well, so probably something regressed again…)


Thanks for this. I’ve trawled the forums trying to figure out why my bypass policy wasn’t working, to no avail. Switched to Service Auth and it’s finally working as intended.