Block root subdomain, allow/block subdirectories

Hi all!

I’m trying to implement the following setup:

  1. sub.domain.com - Block for Everyone
  2. sub.domain.com/long_■■■_string - Allow for Everyone
  3. sub.domain.com/long_■■■_string/admin - Allow only for Warp with Gateway or Certificate

I’m failing already at the first step, because a Block policy with Include “Everyone”, as per the docs (Access policies), does not work. As a workaround, an Allow policy with Include “Everyone” and Exclude “Everyone” seems to work for n.1 but not for n.3.

Can somebody help with this setup?

I’m not sure why that workaround wasn’t working before for n.3, because now it does.

Right now the setup is:

  1. Allow - Include Everyone, Exclude Everyone
  2. Bypass - Include Everyone, Require Country allowlist
  3. ServiceAuth - Include Certificate, Include Gateway / Allow - Include Everyone, Exclude Everyone

Any idea? Specifically on why the Block policy does not work?