Cloudflare for Teams: how to apply a policy to a gateway location and block websites for specific users

Hello,

I’m having a few issues with CFT. For some background, I am using OPNsense with DNS being sent to CFT via Unbound DNS custom options using TLS. I have tried with and without the WARP client on the devices I want to block.

First is that when I look at my Gateway > Locations > home location it states there that I have “0” policies. In Gateway > Policies I have two rules but I see no way to assign a DNS (new) policy to my location. How do I assign a policy?

My next issue is trying to block a group of websites for specific users/computers. I just cannot get consistent blocking. It works sometimes, then I try something else and what was just working stops working.

Hi there,

I assume you’re seeing something like this:

If that’s the case, all you need to do is go into the location with Edit; Assign policies is an option within the location screen.

> My next issue is trying to block a group of websites for specific users/computers. I just cannot get consistent blocking. It works sometimes, then I try something else and what was just working stops working.

I’d suggest raising a ticket so that we can dig into your specific use case. If you can share the ticket number with me here I can follow up on this.

Hi @nnyan.tengwar we’re working on updating the UI. The policies that are referenced in that list of locations are referring to our legacy policy engine, not the list of rules. If you create a DNS rule, it will apply to every location unless you specify a “Src IP” selector referencing the registered source IPv4 address of a specific location.

Can you provide a screenshot example rule that works intermittently?

Or this

Here is my Gateway location:

Logs:

I don’t have the option to assign a policy:

For clarity the policy above is the most consistent but it blocks it for everyone. Trying to block these for a specific group never seems to work.

If I’m pointing my DNS via TLS to CF at my router (OPNsense), do the computers I want to block need to run the WARP client? Even with that it still doesn’t work. I’ve tried to define the group via user email, IP address

So this is working for the entire domain but no matter what I do I can’t get it to attach to specific users.