Cloudflared rewriting public url to service url

I have a cloudflared tunnel configured and set up for private network and that’s working.

To the configuration, I added a Public Hostname:

Public Hostname:

I added the Origin Server Name, turned on No TLS Verify, and set the HTTP Host Header, as these are hosted on IIS servers using host headers.

I now want to grant users access via the App Launcher so they don’t need the warp client installed. I then added a ZeroTrust Access Application for the public hostname and set the policy (which is working).

However when I click the link in the App Launcher, it redirects the user to the internal URL, which is absolutely not what we want to happen.

I’m sure I’m missing something simple here, but I don’t seem to have this problem when using other cloudflared instances.

Somewhat stumped here. Thanks.

Cloudflare Tunnel won’t do that itself, so it sounds like your origin server is trying to redirect. Check logs and your configuration on the endpoint and see if it is performing any redirects.