Cloudflare Access + Git LFS

Hi there,

We’re a small development studio that’s evaluating using Cloudflare Access for our self-hosted services – issue trackers, source control, etc.

We have git working but it’s not possible to pull any LFS content. The urls are redirected to the Cloudflare login and outputs many errors, similar to this:

fatal: unable to update url base from redirection:
  asked for: https://www.repourl.com/repo.git/info/refs?service=git-upload-pack
   redirect: https://org.cloudflareaccess.com/cdn-cgi/access/login/www.repourl.com? ...

Is there a recommended way to handle this with little to no input required by our developers?

My current idea is to create and run a batch script periodically to call cloudflared login and export the access token to an environment variable.

We add the environment variable to http.extraheaders when cloning a repository:
git clone -c http.extraheader="cf-access-token: $TOKEN" https://www.repourl.com
This should work as long as the token is kept updated.

Is there a better way to do this?

Cloudflare WARP for Teams can be used in your policies as a bypass option, meaning anyone using that who is enrolled into your Zero Trust org can skip the login screen.

1 Like

Using that link, I’m able to restrict access to our apps to users running the WARP client under our org, but it still requires login/authentication when trying to access the urls…

You’ll need a Bypass policy using the Gateway selector - Allow policies will always show the login page.

1 Like

Ah, that works great. Thanks!

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.