What is the name of the domain?
What is the issue you’re encountering
Requests to the hostname api-internal.lema-app.com, originating from the IP address 52.230.104.208, are not being processed by the configured Cloudflare Access application. While the request reaches Cloudflare’s network, no logs are generated in either the Cloudflare Access Logs or Security Events. Initially, the Cloudflare Access login page was displayed, but further testing revealed a complete absence of logging—even when a broad bypass rule was temporarily added.
What steps have you taken to resolve the issue?
Troubleshooting Performed:
Confirmed Source IP:
Verified the request comes from 52.230.104.208 using
curl https://www.cloudflare.com/cdn-cgi/trace.
DNS Validation:
Verified resolution via public DNS (1.1.1.1, 8.8.8.8) and confirmed that disabling the proxy correctly exposed the .cfargotunnel.com endpoint, then re-enabled proxying.
Tunnel & Hostname Check:
Confirmed the hostname is correctly listed under Public Hostnames in the tunnel configuration, and the tunnel remains healthy.
Access Logs & Policies:
No entries appear in the Access Logs or Security Events, even after applying a broad "Bypass Everyone" policy at the highest priority (which was later removed).
Firewall & WAF:
No IP access rules blocking the traffic
No relevant events recorded
No active rate limiting for this hostname/IP
Restarted cloudflared:
Restarting the service had no effect.
What are the steps to reproduce the issue?
Configuration Summary:
Hostname: api-internal.lema-app.com
DNS: Configured as a proxied CNAME pointing to:
eade42b7-49f6-41e5-a735-457d5bb585f8.cfargotunnel.com
Tunnel: Tunnel ID eade42b7-49f6-41e5-a735-457d5bb585f8 shows as Healthy in the Zero Trust Dashboard.
Access Application: Self-hosted app targeting api-internal.lema-app.com
Access Policy:
Action: Bypass
Rule: IP Range includes 52.230.104.208/32
Policy is placed with top priority.