Little help regarding custom headers and bypassing access please

Having a rough go of it. 0-100 cram session as somebody who never exposed things to the www much less hosted anything for others.

I’m attempting to allow access to tautulli remotely. I’ve accomplished this but im only protected by tautulli’s own auth which I gather isnt the best security practice or at least not as secure as sticking it behind access as well.

I created an application and all is well remotely ala webui. The issue i’m running into is the ios app. The minute I place it behind access, it goes kaput.

this led me to the word/phrase custom-header which is apparently something i should get familiar with going forward.

the ios app has “Add custom HTTP Header” and gives you the choice of “Basic” or “Custom”

Basic seems to be just username and password which I gather isnt going to do me any good. Custom is asking for a “Header Key” and a “Header Value”

Unfortunately I have no idea what those are much less where to obtain them.

I did create a service auth token which I gather is related but I’m unsure what info I need to enter in the respective categories in the app. Hoping someone can help me out so I can get this functioning and understand how to use service auth/custom headers a bit better going forward.

Tried to add the CF-Access-Client-ID: to Key and the CF-Access-Client-Secret: to Value but has so far bore no fruit.

I added a second policy presumably to enable/test and tried as a “bypass” which greeted me with an invalid rule for anonymous policy type error.

Tried with the action being Service Auth and allowed the aforementioned token. No bueno.

I phoned a friend on this one, not sure if this advice is accurate, may be worth a try. Let us know if it helps.

You can use the service auth token you generated as your custom HTTP header. Enter Cf-Access-Token as the Header Key and the token itself as the Header Value. Here’s how you do it:

  1. Open your iOS app and locate the “Add custom HTTP Header” option.
  2. Choose the “Custom” option.
  3. In the “Header Key” field, enter Cf-Access-Token.
  4. In the “Header Value” field, paste the service auth token you generated earlier.
  5. Save the changes and test the connection.

Remember to replace all placeholder tokens with actual ones in your production environment.

Hi and thank you for the reply!

So I gave that a go and im still being stonewalled. It’s likely due to me having mucked something up somewhere though. Let me supply some screenshots to make sure we’re on the same page and I’m doing everything correctly.

Here is the created token and the client-ID which I assume is the “token”?

Here is the policy under my Tautulli application, I assume Service Auth is what I want?

Finally here is a screenshot from the app itself showing the information entered as I understood it from your post.

Ideally what I want to happen here is any access from the webui in a browser to prompt for auth which it does do fine, but maintain the ability for the ios app to bypass the pin and still connect to tautulli as it does when im not behind access.

Appreciate the help!