You can certainly try and let us know. Access does seem to allow overlapping policies, but I don’t know which takes precedence. There is an “Everyone” group and you can set it to Bypass the Access screen.
I figured it out. You have to create two applications, a normal one with the bare domain/sub-domain without a path, which will have the policy to grant access. Then, you create a second application which specifies a path, shown in the screenshot. This application should have one bypass policy, also in the screenshot.
Oh. I tried to do it. And this worked for about a month. However, the URL with the Bypass policy is now under authorization again. Seems CF Zero Trust does not guarantee the order of checks.