Bypass login page when warp client active


I want to make a self hosted application internally available with Cloudflare access. Since the application needs to be accessed by browser and by a cli tool which doesn’t support custom headers I need a way to bypass the login page when the warp client is active. Is there a setting to do that?
Everything works fine if I add the application server’s ip as a network (but then I have to use the ip instead of the public hostname). Is there a way to do the same as with private networks but with a public hostname instead?

Kind regards

1 Like

This can be done with a policy with the Bypass action on your Access application that requires the Gateway device posture.


Thank you, that worked. What’s the difference between the “Gateway” and “Warp” posture?
And I assume that it only allows Warp users who are logged into the same team to access, correct?

‘Warp’ means anyone using Warp (including the usual consumer Warp) whereas ‘Gateway’ means anyone who is enrolled into your Zero Trust organization using Warp for Teams.

Enrolling can be done with these instructions:

Note that for websites (aka Cloudflare Access) to be able to recognise you are using Gateway, you will need to enable ‘TLS decryption’ under Settings → Network in the Zero Trust dashboard.

You’ll know it’s working since when you visit /cdn-cgi/trace on a Cloudflare website, such as, you’ll see this:



If I understand correctly, a Bypass with a Gateway rule would be enough to access when Warp was activated and logged in CF.

I have a Policy with Bypass action on an Access application with a Include Gateway rule. But I getting Forbidden when I try to access the application.


What is missing?


Do you have TLS decryption enabled?

Yes, Proxy and TLS decryption are enabled.

What does say for ‘warp’ and ‘gateway’?


Hello @KianNH ,

So option Gateway is worked, but is there anyway to limit bypass login to specifics Users/Groups instead of all users?