I’m successfully using Cloudflare Access for a tunnel to local resources.
To lock down the tunnel, there is one-time PIN access to *.mydomain.com. There is, however, one subdomain, forum.mydomain.com, that I would like to remain open.

Can I configure an exception that disables one-time PIN for a specific subdomain?

The other approach would be to ditch the wildcard *.mydomain.com and add individual rules for each subdomain to be protected, but it is a bit onerous because there are 9 of them, and there will likely be more.


If you make another self-hosted application specifically with the subdomain forum, and the domain, with the action Bypass, including Everyone, you should be able to achieve what you are looking for. The most specific application matches: Application paths · Cloudflare Zero Trust docs

You can now add more than one domain per application as well, if you did want to ditch the wildcard, as simple as clicking “Add Domain” in the overview: Access Multi-Domain Applications
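
An added example, not part of the thread and not Cloudflare's code: a small audit that models the "most specific application matches" rule at hostname level only, so you can check which hostnames a Bypass/Everyone application leaves public and which still fall under the wildcard. The application dictionaries, their field names and the hostnames `nas.mydomain.com` and `example.org` are constructed for illustration and are not the Access API schema.

```python
from fnmatch import fnmatchcase

# Constructed sample data mirroring the thread: a wildcard application behind
# one-time PIN and a more specific Bypass application for the forum.
APPS = [
    {"name": "internal", "domain": "*.mydomain.com",
     "decision": "allow", "include": "emails (one-time PIN)"},
    {"name": "forum", "domain": "forum.mydomain.com",
     "decision": "bypass", "include": "everyone"},
]

def specificity(pattern):
    """Rank a pattern: no wildcard beats a wildcard, then longer literal text wins."""
    literal = pattern.replace("*", "")
    return ("*" not in pattern, len(literal))

def governing_app(hostname, apps):
    """Return the most specific application whose domain matches hostname, or None."""
    host = hostname.lower()
    matches = [a for a in apps if fnmatchcase(host, a["domain"].lower())]
    return max(matches, key=lambda a: specificity(a["domain"]), default=None)

def audit(hostnames, apps):
    """Map each hostname to 'protected', 'public (bypass)' or 'no Access app'."""
    report = {}
    for host in hostnames:
        app = governing_app(host, apps)
        if app is None:
            report[host] = "no Access app"
        elif app["decision"] == "bypass" and app["include"] == "everyone":
            report[host] = "public (bypass)"
        else:
            report[host] = "protected"
    return report

if __name__ == "__main__":
    hosts = ["forum.mydomain.com", "nas.mydomain.com", "example.org"]
    for host, status in audit(hosts, APPS).items():
        print(f"{host:22} {status}")
```

Running the same audit after every new application is added shows whether a Bypass entry has widened beyond the one hostname it was meant for.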

Worked like a charm. Many, many thanks!


