When using Cloudflare Zero Trust Network Access (ZTNA), everything works perfectly until I enable Automatic Platform Optimization (APO). Once APO is enabled, I encounter redirect errors for all ZTNA applications. I have attempted to bypass cache for all URLs involved in the authentication flow and the application redirect URLs, but this hasn’t resolved the issue.
Confirming I’m seeing the same issue on two sites with APO and ZTNA apps that worked perfectly before APO.
Settings tested:
I have tested every TLS, https redirect, and speed setting individually turned on and off one by one, and as many combined settings as I could muster, as well as all cookie placement settings in ZTNA.
Especially following other success/failure posts I’ve seen where strict → Lax or none on cookies was the issue.
I have also tested the TLS encryption mode from flexible, full, full-strict.
Similar mitigation attempts as described above:
- set caching to bypass when app login URL
- set caching to bypass when coming from the access redirect url
- set caching to bypass when auth cookie present.
- all bypass rules set Browser TTL to bypass cache as well. (0 cache)
Successful workarounds have occasionally included:
logging in as normal to start the loop, then logging in on a separate window.
→ above is successful with Azure AD, but not with Google Workspace connected accounts.
Dev mode ALWAYS works.
The fact that dev mode always works makes me think this IS a cache issue somewhere, but bypassing the cache is not working for me.