Bypassing Access for Sentry endpoints

We use a self-hosted instance of Sentry for error tracking. It’s behind Access, which has worked well for us so far – we have a bypass policy that allows the IP of our backend server to send errors through.

Now we’d like to use Sentry on our public frontend. To do this, we’d need to allow unauthenticated access to two endpoints on sentry.example.com (specifically, /api/*/store and /api/*/envelope).

It looks like the way to do this, according to the docs, is to create a separate application in Access for each endpoint. That makes sense, but when you enter the above paths, you get an error saying that “wildcards can only be the rightmost character”.

How can we keep Sentry behind Access, but allow public access to these two endpoints?

I must admit that I don’t use it myself, but I honestly don’t think Access is designed for this kind of granularity - that’s what Cloudflare Firewall is for. Though you’d need at least the Business plan to use regular expressions in firewall rules.