I set up web-based VNC access with cloudflared, similar to this guide.
Also, using the same tunnel, I set up web-based SSH access similar to this guide.
With only ‘Allow’ email rules set up with access, this works.
If I have any IP-based Bypass or Service Auth rules, then it breaks without any errors. I just get a blank screen in the browser; it is a completely empty response. After removing those rules, my applications work as expected. So it seems we cannot use bypass or service auth access rules with these web-based applications.
Is it a known issue or potentially a documentation update? I was very confused at first because I started off with the bypass rules, so this could potentially confuse others as well.
Yes, this is a documentation oversight. SSH and VNC applications must be used with an Allow rule action. These implementations were built to expect a user authentication as part of the flow.
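An added example, not part of the original thread and not Cloudflare's code: a check that flags the misconfiguration described above before it shows up as a blank page. It assumes applications and their policies were exported as JSON with `type` and `decision` fields shaped like the Cloudflare Access API's (`non_identity` being the Service Auth action); the app names and sample data are constructed.

```python
import json

# Constructed sample. Field names and values are assumed to follow the shape
# of Cloudflare Access API application/policy objects.
SAMPLE = json.loads("""
[
  {"name": "web-ssh", "type": "ssh", "policies": [
      {"name": "staff", "decision": "allow", "precedence": 2},
      {"name": "office-ip", "decision": "bypass", "precedence": 1}]},
  {"name": "web-vnc", "type": "vnc", "policies": [
      {"name": "staff", "decision": "allow", "precedence": 1},
      {"name": "ci-token", "decision": "non_identity", "precedence": 2}]},
  {"name": "wiki", "type": "self_hosted", "policies": [
      {"name": "office-ip", "decision": "bypass", "precedence": 1}]},
  {"name": "web-ssh-ok", "type": "ssh", "policies": [
      {"name": "staff", "decision": "allow", "precedence": 1}]},
  {"name": "web-vnc-empty", "type": "vnc", "policies": []}
]
""")

# Application types rendered in the browser (SSH and VNC).
BROWSER_RENDERED = {"ssh", "vnc"}
# Bypass and Service Auth skip the user login that these apps expect.
NO_IDENTITY = {"bypass", "non_identity"}


def audit(apps):
    """Return (app, policy, issue) tuples for browser-rendered SSH/VNC apps
    that carry a Bypass/Service Auth policy or have no Allow policy at all."""
    findings = []
    for app in apps:
        if app.get("type") not in BROWSER_RENDERED:
            continue  # ordinary self-hosted apps may use these actions
        policies = sorted(app.get("policies", []),
                          key=lambda p: p.get("precedence", 0))
        for p in policies:
            if p.get("decision") in NO_IDENTITY:
                findings.append((app["name"], p["name"], p["decision"]))
        if not any(p.get("decision") == "allow" for p in policies):
            findings.append((app["name"], None, "no-allow-policy"))
    return findings


if __name__ == "__main__":
    for app, policy, issue in audit(SAMPLE):
        print(f"{app}: policy={policy!r} issue={issue}")
```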