Cloudflare Access? Exclude Path from authentication?

Hello, I have a staging deployment of my application that I just secured with “Cloudflare Access”. It is working well, great product.

I would like to exclude a single path from authentication: /hooks

I need incoming webhooks from 3rd party service to be able to reach my service.

Any ideas?

You can certainly try and let us know. Access does seem to allow overlapping policies, but I don’t know which takes precedence. There is an “Everyone” group and you can set it to Bypass the Access screen.

1 Like

Thanks. What did the trick was setting the policy decision to “Bypass”. The order does not seem to matter.


And the main policy still limits access everywhere else?

It appears so. It’s pretty cool.


Now if only Traefik (the reverse proxy of my choice) would support authentication Cloudflare requests OOTB. :wink: