I’m trying to bypass a bitbucket web-hook request to one of my servers protected with Cloudflare Access. Unfortunately its not going through as the web-hook is redirected to the CF login/code page. I can see this on the bitbucket side when debugging the web-hook requests.
I have added access policy based on ip-address ranges. When disabling the policy entirely the web-hook works.
I have added both IPv4 and IPv6 ranges as listed on this page:
https://confluence.atlassian.com/bitbucket/what-are-the-bitbucket-cloud-ip-addresses-i-should-use-to-configure-my-corporate-firewall-343343385.html
On other similar setups I can see the IP-address originating from bitbucket are 18.234.32.226 and 18.234.32.227 which are to my knowledge included in what I have added as ranges on the Cloudflare side.
Unfortunately there is no log available inside CF Access because no actual authentication is done by the web-hook.
Can someone help me in the right direction ?
Many Thanks!
I am having this same issue. From the bitbucket webhook ui, I am seeing a 403 on the webhook request. I have two access policies for the webhook url, one allows developers to hit my.domain and one access policy that allows Everyone to hit my.domain/webhook-url/.
Any ideas?
Is there any update for this issue?
I am facing similar problem now, I am trying CF Access to limit access to my staging server. However all webhook cannot go through…
Is there any clue how I can create a policy to
- turn on CF access for any access to
dev.mydomain.com
- turn off CF access checking only for
dev.mydomain.com/webhook/*
Thank you
1 Like
Did anyone manage to find a solution to this?
I am also facing the same problem as @charleschristchan, I have a jenkins behind Cloudflare Access and I would like to have users authenticate before being able to access the web interface but let the bitbucket web-hooks through in order to trigger builds.
I have the same issue. Have you found a solution?