Multiple access policies for a single application - Application Paths · Cloudflare Access docs

Hi,

I’m trying to configure Bitwarden with Cloudflare Access.

Findings:

  1. Works fine on the Web Browser and Browser extension
  2. Has issues in the other Bitwarden applications as they aren’t aware of and do not send the CF_Authorization Cookie.

Hence, I’m trying to exclude the URL prefixes that those applications use. In Cloudflare Access terms, I’m trying to Bypass Everyone who accesses certain URLs.

It’s seems a bit long winded to have to create an Application for each URL prefixes that I need to Bypass.

Is there a way to just exlcude those URLs within the same application? An exclusion rule maybe?

Thanks

@haneef95 you should be able to exclude the URLs that you want. Were you able to get this configured or are you still having issues setting up Access for our use-case?

Thanks for picking this up @Brian_M

I’m currently doing a workaround… Whereby, I’m creating individual Cloudflare Access applications for each URL prefix that I need to have excluded. This ends up having multiple applications on the org.cloudflareaccess.com app launcher.

There’s no way to do that as a rule within an application right? - Hopefully I’m wrong about this.

Kindly advise on proceeding further.

Thanks

So the flexibility of application paths is defined here:

https://developers.cloudflare.com/cloudflare-one/policies/zero-trust/app-paths

There’s no ability to add a bypass rule by path today. Could you raise a product request here:

Make sure you give some examples with paths/urls to illustrate your use-case. I’ll share with the product team.

1 Like

Thanks.

Created now: Access: Bypass rule by URL - Feedback / Product Requests - Cloudflare Community