Tunnel Policy

Zero Trust Cloudflare Tunnel
1

What is the name of the domain?

mylab.net

What is the issue you’re encountering

Filter specific user who can access the application

What steps have you taken to resolve the issue?

Using Zero Trust, I’ve created a tunnel to access my local application remotely. A policy to filter the source IP was bound to the application, and this worked perfectly.
However, in the authentication page, any email address you type in can receive an OTP. Is this default behavior? I want my specific email to receive the code. I tried to create a policy for email, but I can’t make it work.

2

Is your policy set to Allow or Block? :thinking:

Furthermore, did you add Include Emails or?

Default behavior is block. Cloudflare Access is a deny by default service, which means if a request does not match any policy action, the default action is “Block.”

Create a policy with Allow action and add Emails include youremails.

slika
slika1001×144 4.48 KB

slika
slika1001×308 11.6 KB

Meaning, if you’ve got only one single Allow policy and added your email address(es), only when you enter them, they are the ones which would and should receive the OTP pin code.

1 Like
3

Hi @fritex

Thank you for the response.
Yes, the policy is set to “Allow”, and there is only one email I added…

image
image560×131 2.99 KB

4

Does that mean you now have multiple policies? If so, the first would allow everyone to connect from the IP you configured, while the 2nd would allow someone with access to your email to connect from everywhere.

3 Likes
5

Hi @Laudian,

I created new policy with two conditions and seems working now :slight_smile:

image
image450×117 3.94 KB

2 Likes
6

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.