Cloudflare's WordPress APO feature conflicts with Zero Trust

Cloudy233333 · June 19, 2024, 10:33am

What is the name of the domain?

cloudy233.win

What is the error number?

310

What is the error message?

What is the isssue you’re encountering

Cloudflare’s WordPress APO feature conflicts with Zero Trust. When I enable the APO feature, the self-hosted Cloudflare Zero Trust Access under the same subdomain doesn’t work properly, showing the error code ERR_TOO_MANY_REDIRECTS. When I disable the APO feature, Zero Trust Access works normally again. I checked the related Rules and didn’t find any conflicts. I have already tried setting the subdomain related to Zero Trust Access to bypass the cache, but it didn’t work.

What steps have you taken to resolve the issue?

I have already tried setting the Configuration Rules and Page Rules of the subdomain related to Zero Trust Access to bypass the cache,or change the TLS/SSL settings, but it didn’t work.

What are the steps to reproduce the issue?

Simply turning on the APO switch causes the subdomains related to Zero Trust Access to fail to load after authentication, showing the error ERR_TOO_MANY_REDIRECTS. Simply turning off the APO switch allows the Zero Trust Access page to load successfully. The authentication process works normally, and the ERR_TOO_MANY_REDIRECTS error occurs when trying to load the actual service page after authentication.

ncano · June 19, 2024, 2:26pm

I’m afraid Access is not compatible with APO: Self-hosted applications · Cloudflare Zero Trust docs.

Cloudy233333 · June 19, 2024, 2:45pm

Can I use Configuration Rules to set my self-hosted Zero Trust Access subdomain to bypass APO, Zaraz, and SXG? Currently, I don’t see an option to set bypass APO for a specific hostname. Logically, APO should only affect the subdomain where the Cloudflare WordPress plugin is installed, right? I don’t understand why APO would impact my non-WordPress subdomains.

ncano · June 19, 2024, 3:53pm

Due to the way how it was engineered, APO runs on your entire zone and the decision on whether the WordPress optimisation should be applied or not is made within APO’s code. For this reason we do not have an APO control in Configuration Rules at this time.

Cloudy233333 · June 19, 2024, 5:49pm

Thank you! I think I’ll have to create another domain name for my Zero Trust Service. It’s sad to hear that APO will affect my entire domain zone, because when I saw " Note: APO runs against the following list of hostnames: blog.mydomain.com WordPress plugin successfully detected on blog.mydomain.com", I thought the APO was only work for that specific domain.

system · June 21, 2024, 5:50pm

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
ERR_TOO_MANY_REDIRECTS on Zero Trust Access Access	10	4605	June 19, 2024
Err Too Many Redirects A AAAA records for both Root and Subdomain DNS & Network dns , dash-ssl-tls , dash-getting-started , dash-errors , dash-troubleshooting	4	4442	June 15, 2019
ERR_TOO_MANY_REDIRECTS after adding cloudflare Security	2	623	October 3, 2023
ERR_FAILED or ERR_TOO_MANY_REDIRECTS Access	0	962	October 2, 2023
Zero Trust Too Many Redirects When Try to Join Organization Zero Trust	5	274	November 13, 2024