After clicking a link in a Cloudflare email, Gateway ended up blocking me. I wouldn’t think I need to add any Cloudflare domains to my policies, but do I need to do that?
I’d suggest looking in the Gateway logs to determine which policy is blocking the request. By default Gateway doesn’t block any content.
The link in the email goes to
content.cloudflare.com which is a CNAME record for
mkto-ab130037.com. I added
mkto-ab130037.com to my allow policy.
I guess I figured Cloudflare wouldn’t block this request.
On an initial lookup it probably doesn’t due to the recursive nature of the lookup itself. Subsequent requests for the target CNAME (when the TTL isn’t identical to the CNAME and the local cache in perfect sync) will fail because a lookup of the target has no context for the original reason for the resolution when performed later.
Also ‘no content’ is a uh… nebulous category at best as the tools used to determine that by various ‘sources of truth’ seem to (can I say suck? … sure why not) suck.
Thanks @cscharff !
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.