Trying to allow subfolder of static files access while rest of site is blocked

What is the name of the domain?

app.example.com - app.example.com/files/something.png

What is the issue you’re encountering?

Cloudflare is properly blocking traffic until I authenticate. But that means that emails sent from the service, that include images, etc. include broken images.

What steps have you taken to resolve the issue?

I’ve been digging around in the community and through Google and I’m not seeing anything that explains this situation. It seems like something I should be able to do by simply adding another rule to an application in Zero Trust. But the rules don’t let you associate them with different things as far as I can tell. And attempting to create a second application (for a separate set of rules) gives the error that the domain is already being used by an app.

Does anyone know how to do this?

It should where app.example.com is prompted for authentication. But something like app.example.com/files/image.png is not prompted. Thus the app is protected, but when someone opens an email sent from the service, that links back to files, they actually show up.

In this case it’s a local install for Invoice Ninja.

Hi there,

Simply create a second application with the same domain and subdomain and the path you need to bypass, then add a Bypass policy:

Take care.

1 Like
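The setup described in the answer, as an added example that is not part of the original thread: it creates the second, path-scoped application with a Bypass policy through the Cloudflare v4 API, then checks from an unauthenticated client that only the path is open. `ACCOUNT_ID`, `CF_API_TOKEN`, the application and policy names and the use of `jq` are assumptions; the hostname and path are the ones from the question.

```shell
#!/bin/sh
# Added example. ACCOUNT_ID and CF_API_TOKEN are placeholders to export first.
API="https://api.cloudflare.com/client/v4"
HOST="app.example.com"
BYPASS_PATH="files"

# Body for the second self-hosted application: same hostname, path-scoped.
app_payload() {
  printf '{"name":"%s","type":"self_hosted","domain":"%s/%s"}' \
    "invoice-files-public" "$HOST" "$BYPASS_PATH"
}

# Bypass policy: Access is not enforced for anyone on this application.
policy_payload() {
  printf '{"name":"bypass-files","decision":"bypass","include":[{"everyone":{}}]}'
}

# Classify an unauthenticated response from its status code and redirect URL.
access_state() {
  case "$1" in
    2??) echo open ;;
    30[1-8])
      case "$2" in
        *.cloudflareaccess.com/cdn-cgi/access/login*) echo protected ;;
        *) echo redirect ;;
      esac ;;
    *) echo other ;;
  esac
}

# POST a JSON body to an Access endpoint under the account.
cf_post() {
  curl -sS -X POST "$API/accounts/$ACCOUNT_ID/access/$1" \
    -H "Authorization: Bearer $CF_API_TOKEN" \
    -H "Content-Type: application/json" --data "$2"
}

if [ "${1:-}" = "apply" ]; then
  app_id=$(cf_post apps "$(app_payload)" | jq -r '.result.id')
  cf_post "apps/$app_id/policies" "$(policy_payload)" >/dev/null
  # Expect "/" to be protected and the file path to be open.
  for p in "" "$BYPASS_PATH/something.png"; do
    set -- $(curl -s -o /dev/null -w '%{http_code} %{redirect_url}' "https://$HOST/$p")
    echo "/$p -> $(access_state "$1" "${2:-}")"
  done
fi
```

Run it with the `apply` argument. Everything under the bypassed path is served without an Access login, so it is worth repeating the check against a path outside `/files` to confirm the rest of the app still returns `protected`.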