I am quite lost right now with setting up Cloudflare Access policies for letting a single IP bypass the login screen.
A short overview of what I’ve done:
- I set up Access for my home network, Tunnel is set up and working correctly.
- Added multiple hostnames to the Tunnel and added applications for the corresponding subdomains.
- Accessing the applications works flawlessly, login is bypassed when using WARP, otherwise
- Even Service Token authorization is working. When adding the credentials to a request, login is bypassed as expected.
Now comes the part that is not working:
I added a policy for two applications which should allow a single IP (that of my web server) to bypass authorization.
The policy is set up using the official Policies guide, which actually uses unblocking an IP as the primary example. That IP is also added to the global allowed IPs in the WAF.
- When accessing the app with a Service Token, I can bypass the login, but that’s not an option.
- When accessing the application without anything, I get the login page, which is not what I expect.
Here’s a screenshot of one of the applications:
I have no idea what I’m doing wrong. It’s not that complicated and according to the documentation, it should work. I just tested this with the office IP at work, and it leads to the same results, so I guess it’s not an issue with my server.
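The post describes three ways a request can get past the login page: a Bypass policy keyed on the client IP, a Service Auth policy keyed on a service token, and an identity-based Allow policy. The following is an added illustration (not code from the post or from Cloudflare) that models that decision offline as a plain rule evaluator, so you can check what outcome a given source address should produce before suspecting the dashboard configuration. The policy/action names mirror the concepts in the post, but the matching logic is a simplification written for this example, not Cloudflare's evaluation engine; the IP addresses and token value are constructed sample data.

```python
"""Offline model of an Access-style policy set deciding whether a request
skips the login page.  Added illustration only; not Cloudflare's code."""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Request:
    client_ip: str                        # address the edge sees for the request
    service_token: Optional[str] = None   # stands in for the Client-Id/Secret pair
    identity_email: Optional[str] = None  # set once a user has logged in


@dataclass
class Policy:
    name: str
    action: str                           # "bypass" | "service_auth" | "allow"
    ip_ranges: list = field(default_factory=list)       # CIDR strings
    service_tokens: set = field(default_factory=set)
    emails: set = field(default_factory=set)


def ip_in_ranges(client_ip: str, ranges) -> bool:
    """True when the address falls inside any listed CIDR of the same family."""
    addr = ipaddress.ip_address(client_ip)
    for cidr in ranges:
        net = ipaddress.ip_network(cidr, strict=False)
        if net.version == addr.version and addr in net:
            return True
    return False


def diagnose_ip(client_ip: str, ranges) -> str:
    """Explain why an address does or does not match the configured ranges.
    A v4 address never matches a v6 range (and vice versa), so that case is
    called out separately rather than reported as a generic miss."""
    if not ranges:
        return "no ranges configured"
    addr = ipaddress.ip_address(client_ip)
    nets = [ipaddress.ip_network(c, strict=False) for c in ranges]
    if any(addr in n for n in nets if n.version == addr.version):
        return "match"
    if all(n.version != addr.version for n in nets):
        return (f"address-family mismatch: {client_ip} is IPv{addr.version}, "
                f"configured ranges are IPv{nets[0].version}")
    return "outside every configured range"


def policy_matches(policy: Policy, req: Request) -> bool:
    if policy.action == "bypass":
        return ip_in_ranges(req.client_ip, policy.ip_ranges)
    if policy.action == "service_auth":
        return req.service_token in policy.service_tokens
    if policy.action == "allow":
        return req.identity_email in policy.emails
    raise ValueError(f"unknown action {policy.action!r}")


def evaluate(policies, req: Request):
    """Return (outcome, matching policy name).  Bypass and Service Auth matches
    skip the login page; an Allow policy only matches once an identity is
    present, so an anonymous request matching nothing lands on the login page."""
    for p in policies:
        if policy_matches(p, req):
            if p.action in ("bypass", "service_auth"):
                return ("no_login", p.name)
            return ("allowed_after_login", p.name)
    return ("login_page", None)


# Constructed sample policy set (documentation-range addresses, fake token).
POLICIES = [
    Policy("web-server-bypass", "bypass", ip_ranges=["203.0.113.10/32"]),
    Policy("automation-token", "service_auth", service_tokens={"tok-constructed"}),
    Policy("household", "allow", emails={"me@example.com"}),
]

if __name__ == "__main__":
    for r in (Request("203.0.113.10"),
              Request("198.51.100.7", service_token="tok-constructed"),
              Request("198.51.100.7"),
              Request("2001:db8::10")):
        print(r.client_ip, evaluate(POLICIES, r),
              diagnose_ip(r.client_ip, POLICIES[0].ip_ranges))
```

The `diagnose_ip` helper is the part worth running first: feed it the address the edge actually logged for the request (not the address you assume the server uses) together with the CIDRs from the Bypass rule, and it tells you whether the miss is a genuine non-match or an IPv4/IPv6 family mismatch.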