Bypass restricted access for phone apps

My little home server is protected by tunnels and access requiring an emailed code. I can access all the apps on the server as I have given each a subdomain pointing to its port. What an amazing system.

The problem is that I have a couple of apps on my phone (audiobookshelf & nextcloud) that will not connect, as the logins give an error because (I assume) they are redirected to cloudflareaccess.com.

Is there a way to bypass the access protection? I am no noob to cloudflare but please try not to get too technical or my head will explode.


I’m in the exact same situation as you. Love the Cloudflare Access restrictions, but it breaks the ABS mobile app. I’m considering just having my ***.domain.com subdomain not be protected by Cloudflare Access, but then it feels more exposed… Did you figure out a solution?

Also an audiobookshelf fan, and I had the same issue. I landed on creating a new Cloudflare Application (under Access → Applications) that does not have the authentication requirement. So all the traffic still goes through Cloudflare, I don’t have to open up any ports on my home router, and I can then share abs.mydomain.com with friends and keep a consistent server address when I’m out and about or on my home network. It still has a login / pass, so I’m happy with this for all my security concerns balanced with flexibility and ease of sharing with others.

The lockdown app I have as *.mydomain.com (and it contains all my other services that map to ports on my NAS),
and the windtun-public one I have as abs.mydomain.com; I will add other services that will not be Cloudflare authenticated as needed in the future.

Hope the image attaches properly.

Best of luck!


I have implemented it like you recommended, and it has been working well for me. Since abs.mydomain.com is somewhat exposed now (and I noticed the ABS login has no brute force protection), I implemented CrowdSec to protect ABS and Nextcloud. Makes me feel more secure about losing the Cloudflare auth screen.

Have you played w/ split tunneling or running a local DNS server so you don’t have to go through the tunnel when downloading books on your LAN? I got most of the way with the local DNS, but couldn’t get the local certificates since Cloudflare provides those w/ the tunnel and gave up.

Yes actually! I was fine-tuning it today actually. Using Pi-hole to forward requests to my local IP address. Have confirmed local data transfers don’t go through the tunnel.

I didn’t have issues with certs, but I’ve heard people have issues using Cloudflare’s certs in this scenario. I am using Caddy, which handles Let’s Encrypt certs without any issues, and nothing was affected when I implemented split DNS.
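Added example, not from any poster in this thread: once abs.mydomain.com sits behind Caddy without the Cloudflare Access screen, the check a CrowdSec-style tool performs for the brute-force gap mentioned above can be sketched in a few lines. It assumes Caddy-style JSON access logs and that the audiobookshelf login is a `POST /login` answered with 401 on failure; the log lines are constructed.

```python
import json
from collections import defaultdict, deque

# Constructed sample of Caddy-style JSON access log lines (not real traffic).
# Field layout follows Caddy's "http.log.access" logger: request.remote_ip,
# request.method, request.host, request.uri, status, ts (Unix seconds).
# The /login path is assumed to be the audiobookshelf login endpoint.
SAMPLE_LOG = """\
{"ts":1700000000.1,"request":{"remote_ip":"203.0.113.7","method":"POST","host":"abs.mydomain.com","uri":"/login"},"status":401}
{"ts":1700000001.2,"request":{"remote_ip":"203.0.113.7","method":"POST","host":"abs.mydomain.com","uri":"/login"},"status":401}
{"ts":1700000002.0,"request":{"remote_ip":"198.51.100.4","method":"POST","host":"abs.mydomain.com","uri":"/login"},"status":200}
{"ts":1700000003.5,"request":{"remote_ip":"203.0.113.7","method":"POST","host":"abs.mydomain.com","uri":"/login"},"status":401}
{"ts":1700000004.0,"request":{"remote_ip":"203.0.113.7","method":"GET","host":"abs.mydomain.com","uri":"/api/items"},"status":401}
{"ts":1700000005.9,"request":{"remote_ip":"203.0.113.7","method":"POST","host":"abs.mydomain.com","uri":"/login"},"status":401}
{"ts":1700000006.3,"request":{"remote_ip":"203.0.113.7","method":"POST","host":"abs.mydomain.com","uri":"/login"},"status":401}
{"ts":1700000900.0,"request":{"remote_ip":"192.0.2.9","method":"POST","host":"abs.mydomain.com","uri":"/login"},"status":401}
"""

def failed_logins(lines, host="abs.mydomain.com", path="/login"):
    """Yield (timestamp, client_ip) for every failed login attempt."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip non-JSON lines (e.g. Caddy startup messages)
        req = ev.get("request", {})
        if (req.get("host") == host and req.get("method") == "POST"
                and req.get("uri") == path and ev.get("status") == 401):
            yield float(ev["ts"]), req.get("remote_ip")

def brute_force_sources(lines, threshold=5, window=60.0):
    """Return client IPs with >= threshold failed logins within any `window` seconds."""
    recent = defaultdict(deque)   # per-IP sliding window of failure timestamps
    flagged = set()
    for ts, ip in sorted(failed_logins(lines)):
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # drop failures older than the window
        if len(q) >= threshold:
            flagged.add(ip)
    return flagged

if __name__ == "__main__":
    print(brute_force_sources(SAMPLE_LOG.splitlines()))  # {'203.0.113.7'}
```

The GET to /api/items and the successful 200 login are ignored; only the IP with five failed POSTs inside one minute is flagged, which is the signal a ban decision (or an alert) would key on.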