CF Access + Healthcheck == 💔

Alright. We just started to use Cloudflare Access to protect our internal resources. One problem is that we have health checks on our admin domain, and that causes our previous health check to fail. Accessing https://domain/healthcheck, we expect a 200 response. However, after enabling Access we now get a 403. I tried to add all Cloudflare IP ranges (found here: https://www.cloudflare.com/ips-v4) as another rule to let Cloudflare access our admin site without authentication.

How to bypass Access for Cloudflare Health Checks?

Something you could try is using Service Tokens for your health check to authenticate. It just requires you to configure your Access group to add the service token and then add the needed headers to your health check configuration. Done something similar before with Prometheus a while ago.

2 Likes

Thank you for the hint. I started out to create an Access Group with service token, but that was not needed (or I actually couldn’t get it to work). It was as simple as adding a Service token and then in the policy use non_identity. After that I just set the request headers as defined, and all good 🙂 Thanks… ❤️❤️❤️

Here is the policy used (in complement to the other policies):

2 Likes
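
A health-check probe along the lines described in this thread, as an added example that is not from any of the posters: it sends the service token in the `CF-Access-Client-Id` and `CF-Access-Client-Secret` request headers and reports an Access rejection separately from an application outage. The function names, the environment variable names and the treatment of redirects and 401 as denials are assumptions.

```python
import os
import urllib.error
import urllib.request

# Request headers Cloudflare Access reads a service token from.
ID_HEADER = "CF-Access-Client-Id"
SECRET_HEADER = "CF-Access-Client-Secret"


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface 3xx responses as errors instead of following them to a login page."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def build_request(url, client_id, client_secret):
    """Attach the token pair; refuse to send the secret over plain HTTP."""
    if not url.lower().startswith("https://"):
        raise ValueError("service token must only be sent over HTTPS")
    if not client_id or not client_secret:
        raise ValueError("service token ID and secret are both required")
    return urllib.request.Request(
        url, headers={ID_HEADER: client_id, SECRET_HEADER: client_secret})


def classify(status):
    """Separate an Access rejection from an application failure."""
    if status == 200:
        return "healthy"
    # 403 is what the thread reports; counting 401 and redirects is an assumption.
    if status in (301, 302, 303, 307, 308, 401, 403):
        return "access-denied"
    return "unhealthy"


def probe(url, client_id, client_secret, timeout=5.0):
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(build_request(url, client_id, client_secret), timeout=timeout) as resp:
            return classify(resp.status)
    except urllib.error.HTTPError as exc:
        return classify(exc.code)
    except OSError:  # DNS, TCP, TLS or timeout failure
        return "unreachable"


if __name__ == "__main__":
    # Assumed variable names; keep the secret out of the command line and repo.
    env = os.environ
    print(probe(env["HEALTHCHECK_URL"], env["CF_ACCESS_CLIENT_ID"], env["CF_ACCESS_CLIENT_SECRET"]))
```

Alerting on `access-denied` separately from `unhealthy` makes an expired or revoked service token show up as a credential problem instead of a false outage.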