Access rule not being honoured

I’ve create an application with 2 requirements:

  1. only allow access using OTP with an email address of mine
  2. Only access from my country (Israel)

I’ve tested access from Israel, and it works. However, when I use a VPN service like Surfshark and accessing the page from other countries, it still shows the access page instead of blocking it.

Screenshot for the policy is enclosed.


I don’t think you can block the Access page itself, but will it let you log in?

You can block the access page itself under some scenarios, for example, if you require certain IP addresses, Gateway, etc (anything that can be verified before login).

Thus being said, the results for us have been a bit strange, for example, when we tried to whitelist a single IP (/32), the rules weren’t having it, however, as soon as the CIDR contained more than 1 IPs, it worked.

The correct configuration I’d say would be: Include (your email) and require the country in the group that you are managing.

Ah, I see you found the post I was thinking of.

1 Like