Created a tunnel before Access application

What is the name of the domain?

redacted

What is the issue you’re encountering

My new Access application does not appear to be protected my existing tunnel

What steps have you taken to resolve the issue?

I created a tunnel some time ago, which has been working well. Today I tried to add an access application using Google as the ID provider to restrict traffic reaching the tunnel.

I’ve created a policy, configured the IdP in Google and created an application which references that policy, but when I visit the URL of my tunnel, I am not prompted to login.

I suspect the cause might be this note (Publish a self-hosted application to the Internet · Cloudflare Zero Trust docs):

Note

We recommend creating an Access application before setting up the tunnel route. If you do not have an Access application in place, public hostname routes in Tunnel are available to anyone on the Internet.

I didn’t do this (because I didn’t know I needed to). I can’t find any documentation on how to retrospectively add the Access application to my tunnel. Is there anything I can do?

The order doesn’t matter. The warning just means that the tunnel route will be available until you create the Access application, so it’s better to create the application first.

Can you share the settings for your Access application?

Ahhh - thank you, just knowing that it should be working was enough to make me realise my mistake.

I’d left the subdomain blank, thinking that would make it apply to all subdomains. I’ve now realised I needed a * wildcard for that.

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.