Configuration Issue or Security Hole for Teams?

I’ve either got a configuration problem or i’ve found a huge security hole in Cloudflare Teams.

Since the Cloudflare crew is way smarter than me, I’m going to assume I’ve configured something wrong.

I setup a self hosted app at: mysite.com/app

If I got to https://mysite.com/app I get the Teams log in screen

However, if I go to https://**www.**mysite.com/app I do NOT get a login screen and I’m taken directly into the app

I went back and configured the app in teams as www.mysite.com/app and it now does the opposite. https://www.mysite.com/app is secure but https://mysite.com/app is NOT secure

Anyone know what configuration step I may have missed?

Thanks

mysite.app =/= www.mysite.app so the policy for a doesn’t match b. You can create 2 policies (one for each unique host) or set up a page rule to redirect the root domain to www or vice versa.

1 Like

Thank you

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.