I’ve got an application I’m trying to secure and I’m 99% of the way there. I’m using Firewall to restrict specific data to URLs and I’m using Access to force Azure AD credentials to access the login page.
When we go to https://domain.com/link, it will automatically forward us to https://domain.com/link/login.
If we enable Access on https://domain.com/link/login, it will only challenge us for Azure AD authentication if we go directly to https://domain.com/link/login, not if we go to https://domain.com/link.
We cannot enable access on https://domain.com/link as we have other traffic going to it from applications that cannot accept an Azure AD challenge.
I hope this makes sense!
I see you’ve set ‘link’ to redirect to ‘login’…but what happens? The redirect doesn’t work? Or does the redirect happen, but “Access” doesn’t restrict access to ‘login’?
It automatically redirects and doesn’t throw the Access page. I tried putting a Cloudflare redirect in to see if that makes a difference, but it doesn’t. I’ll remove it so it doesn’t confuse us!
You’re saying that it bypasses Access and lets the visitor get to the ‘login’ page?
And this happens with a fresh browser? That sounds very wrong. If anybody can do this, then you’d better contact Support.
Log in to Cloudflare and then contact Cloudflare Support by clicking on the Get More Help button.