Custom HTTPS(Beta) Profiles Missing in Gateway?

I attended the Zero Trust webinar today and in the demonstration, the presenter had a DNS and HTTPS tab on the Gateway Policies page which had DNS or HTTPS(Beta) tabs where he was able to make Layer 7 custom rules.

I don’t see that option available on my account, which is Pro.

Is this something that is still gradually rolling out?

This is a part of Cloudflare for Teams and requires a paid Teams subscription. You should be able to enable this by visiting and navigating to the bottom left of your screen where you’ll find Settings > Account > Choose a Plan.

Upon signup, you’ll be directed into our onboarding flow which you’ll need to complete to get started. If you have any questions along the way please reach back.

Thanks for clearing that up, it wasn’t clear in the marketing verbiage.

I deployed Teams successfully, although it was not a clear process, having to search for the client download and subdomain settings for WARP on iOS.

After 48 hours, I’m disabling it as there are too many false positives with domain blocks and other services such as connections to Apple and iCloud. I don’t have time to keep entering new allow list rules.

Also, without the ability to escape sensitive URLs such as banking services, I’m not comfortable with the service as much as I trust CF as a company.

I’ll check back in six months to see what’s evolved and tightened up.

@JohnWick Thanks for the feedback. What Apple services were not functional through Gateway? We’re only proxying 80/443 traffic at the moment and I’d like to try and reproduce any problem you have.

If you’d like to bypass banking sites, you can use a regex match against the hostname to bypass that traffic from inspection and logging. For example, you could build a rule like this:

Selector: Host
Operator: matches regex
Value: .*
Action: Bypass

Hope this meets your need and thanks for helping us make this product better for everyone.
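A Bypass rule removes traffic from inspection and logging, so it helps to test a candidate Host regex against known hostnames before saving it. The following is an added example, not part of the original thread and not Cloudflare code. The hostnames are constructed placeholders, and Python's `re` with an unanchored search is an assumption standing in for Gateway's regex engine.

```python
import re

# Constructed sample hostnames; replace with hosts taken from your own logs.
MUST_BYPASS = ["online.bank.example", "login.bank.example"]
MUST_INSPECT = [
    "bank.example.other.test",  # bank name used as a prefix of another domain
    "notbank.example",          # different domain ending in the same string
    "bank-example.test",        # only matches if "." is left unescaped
    "www.example.org",          # unrelated site
]


def audit_bypass_regex(pattern, must_bypass=MUST_BYPASS, must_inspect=MUST_INSPECT):
    """Return (missed, overmatched) host lists for a candidate Bypass regex.

    Assumption: the rule engine performs an unanchored search, so re.search
    is used here; that is the stricter test for over-matching.
    """
    rx = re.compile(pattern, re.IGNORECASE)
    missed = [h for h in must_bypass if not rx.search(h)]
    overmatched = [h for h in must_inspect if rx.search(h)]
    return missed, overmatched


def report(pattern):
    """Print the audit result for one pattern and return 'OK' or 'REVIEW'."""
    missed, overmatched = audit_bypass_regex(pattern)
    verdict = "OK" if not missed and not overmatched else "REVIEW"
    print(f"{verdict:6} {pattern!r}")
    for host in missed:
        print(f"    still inspected, expected bypass: {host}")
    for host in overmatched:
        print(f"    bypassed, expected inspection:    {host}")
    return verdict


if __name__ == "__main__":
    candidates = [
        r".*",                       # matches every hostname
        r"bank.example",             # unanchored, unescaped dot
        r"^(.+\.)?bank\.example$",   # the domain and its subdomains only
    ]
    for candidate in candidates:
        report(candidate)
```

Only the anchored, dot-escaped pattern passes; the other two would exempt unrelated hostnames from inspection and logging.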

Since I’m on the Free Plan up to 50 users, I don’t have the regex rule options for bypass, which Abe indicated.

Here are the top services being blocked.

Hi @JohnWick, tracking down what could be going on at the DNS layer. Would you mind sharing the categories you’ve selected to block?

Didn’t have too much checked on, but it looks like I accidentally checked “Technology” which would probably explain those blocks.


