Multiple access policies for a single application - Application Paths · Cloudflare Access docs

Hi,

I’m trying to configure Bitwarden with Cloudflare Access.

Findings:

  1. Works fine on the Web Browser and Browser extension
  2. Has issues in the other Bitwarden applications as they aren’t aware of and do not send the CF_Authorization Cookie.

Hence, I’m trying to exclude the URL prefixes that those applications use. In Cloudflare Access terms, I’m trying to Bypass Everyone who accesses certain URLs.

It seems a bit long-winded to have to create an Application for each URL prefix that I need to Bypass.

Is there a way to just exclude those URLs within the same application? An exclusion rule maybe?

Thanks

https://developers.cloudflare.com/access/policies-and-rules/app-paths

@haneef95 you should be able to exclude the URLs that you want. Were you able to get this configured or are you still having issues setting up Access for our use-case?

Thanks for picking this up @Brian_M

I’m currently doing a workaround… Whereby, I’m creating individual Cloudflare Access applications for each URL prefix that I need to have excluded. This ends up having multiple applications on the org.cloudflareaccess.com app launcher.

There’s no way to do that as a rule within an application right? - Hopefully I’m wrong about this.

Kindly advise on proceeding further.

Thanks

So the flexibility of application paths is defined here:

There’s no ability to add a bypass rule by path today. Could you raise a product request here:

Make sure you give some examples with paths/urls to illustrate your use-case. I’ll share with the product team.


Thanks.

Created now: Access: Bypass rule by URL - Feedback / Product Requests - Cloudflare Community


Now trying to put a number of WordPress Admin Dashboards behind Cloudflare Access; however, without the option to bypass a URL within the same application, I’m having to create 3 different applications for each site, just to cater for the single /wp-admin URL, explained here:

Would be good to get some timeline for when this feature will be deployed or if it’s being considered.

Thanks,

Not sure this is the same issue, I have Pages preview builds protected by Access, which works great, though I’d like to get a specific path to be excluded/bypassed but I can’t get this working.

I created a 2nd app, same domain just added a path and tried to bypass Everyone or ideally only specific IPs but none of those work as I could never access those without being redirected to Access auth page.

Am I doing something wrong? Or is this the same issue? From some forum posts about how to bypass webhook paths it seemed that others have got it working tho no-one really shared exact steps :confused: Also asked in Discord though never really got an answer.

For now I have a separate Worker for the webhook, which is sub-optimal as this is complicating DX a lot, especially local dev & having separate environments :grimacing:

I also asked in the feature request, though I’m not sure that’s a good place :thinking:

Got it working thanks to help on the Discord server.

Needed to add a separate app for the .pages.dev domain as well so now I’ve got

  • *.project.pages.dev - to allow access to all preview builds only to team members
  • feature.project.com - same as above for the custom branch subdomain alias
  • feat.project.com/webhook-path - to bypass Cloudflare Access for everyone
  • *.project.pages.dev/webhook-path - same as above, as apparently bypassing the custom domain isn’t enough as this falls back to pages.dev Access

The webhook “protects” itself already, no need for Cloudflare Access here.

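The four-application layout from the last post, written as Terraform so the bypassed paths sit next to the protected hostnames and are easy to review. This is an added example, not part of the thread; it assumes v4 of the Cloudflare Terraform provider, and `var.account_id`, the resource labels and the `example.com` team e-mail domain are placeholders.

```hcl
# Added example; resource names follow Cloudflare Terraform provider v4 (assumption).
variable "account_id" { type = string } # placeholder: your Cloudflare account ID

locals {
  # Hostnames and paths exactly as listed in the post above.
  team_only = {
    previews = "*.project.pages.dev"
    branch   = "feature.project.com"
  }
  # Every path listed here is reachable WITHOUT Access. Both entries are
  # needed: per the post, a bypass on the custom domain alone still falls
  # back to the pages.dev application.
  bypassed = {
    webhook_custom = "feat.project.com/webhook-path"
    webhook_pages  = "*.project.pages.dev/webhook-path"
  }
}

# One Access application per hostname or hostname+path.
resource "cloudflare_access_application" "app" {
  for_each   = merge(local.team_only, local.bypassed)
  account_id = var.account_id
  name       = each.key
  domain     = each.value
  type       = "self_hosted"
}

resource "cloudflare_access_policy" "team" {
  for_each       = local.team_only
  account_id     = var.account_id
  application_id = cloudflare_access_application.app[each.key].id
  name           = "team members"
  precedence     = 1
  decision       = "allow"
  include { email_domain = ["example.com"] } # placeholder team domain
}

# Bypass turns Access enforcement off for these paths, so the handler
# behind them must do its own authentication (the webhook in the post does).
resource "cloudflare_access_policy" "bypass" {
  for_each       = local.bypassed
  account_id     = var.account_id
  application_id = cloudflare_access_application.app[each.key].id
  name           = "bypass webhook"
  precedence     = 1
  decision       = "bypass"
  include { everyone = true }
}
```

Keeping the `bypassed` map separate makes each unauthenticated path an explicit, reviewable line rather than an application that only shows up in the dashboard.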