Web interface issues with setting up Zero Trust Network Access

Following documentation for setting up Zero Trust Network

http://developers.cloudflare.com/cloudflare-one/setup/

Trying to add policies in accordance to instruction
(step: add OTP users, which requires adding users to policies, which requires first creating policies, so that’s where I am right now.)

When I press “Add application”, a request is sent with this payload

{
   "name":"test-python-server",
   "logo_url":"",
   "type":"private_dns",
   "private_address":"test-website.parallel.bio",
   "gateway_rules":[
      {
         "enabled":true,
         "precedence":null,
         "name":"Allow rule for test-python-server",
         "description":"",
         "filters":[
            "l4"
         ],
         "rule_settings":{
            "block_page_enabled":false,
            "block_reason":"",
            "biso_admin_controls":{
               "dcp":false,
               "dd":false,
               "dk":false,
               "dp":false,
               "du":false
            },
            "add_headers":{
               
            },
            "ip_categories":false,
            "override_host":"",
            "override_ips":null,
            "l4override":null,
            "check_session":{
               "enforce":false,
               "duration":"0s"
            }
         },
         "action":"allow",
         "conditions":[
            {
               "type":"traffic",
               "expression":{
                  "==":{
                     "lhs":"net.sni.host",
                     "rhs":"test-website.parallel.bio"
                  }
               }
            }
         ]
      },
      {
         "enabled":true,
         "precedence":null,
         "name":"Block rule for test-python-server",
         "description":"",
         "filters":[
            "l4"
         ],
         "rule_settings":{
            "block_page_enabled":false,
            "block_reason":"",
            "biso_admin_controls":{
               "dcp":false,
               "dd":false,
               "dk":false,
               "dp":false,
               "du":false
            },
            "add_headers":{
               
            },
            "ip_categories":false,
            "override_host":"",
            "override_ips":null,
            "l4override":null,
            "check_session":{
               "enforce":false,
               "duration":"0s"
            }
         },
         "action":"block",
         "conditions":[
            {
               "type":"traffic",
               "expression":{
                  "==":{
                     "lhs":"net.sni.host",
                     "rhs":"test-website.parallel.bio"
                  }
               }
            }
         ]
      }
   ],
   "session_duration":"24h",
   "app_launcher_visible":true
}

and here is a response

{
   "result":null,
   "success":false,
   "errors":[
      {
         "code":12130,
         "message":"access.api.error.invalid_request"
      }
   ],
   "messages":[
   ]
}

Nothing was found for this error code.

Can you post a screenshot of what you’re adding and steps to reproduce?

Also tagging @abe

access > applications > private network

entering application name and SNI (I’ve tried a bunch of different SNIs that are both my domain, it subdomains or some domain-like names that make no sense)

Proceeding to “Add policies”, I modify nothing and just click 'add application. You can see a screenshot below, and what’s happening and I pasted above what is reported in chrome dev tools.

Neither error in interface, nor request response helped to understand what’s wrong


I’ve escalated this issue, do you have a ticket with support? If so can you post the ticket number.

Ticket was #2469596 , I think it was auto-closed because I use free plan right now

Thanks, I’ve escalated that ticket.

@domjh I have a similar error while trying to add a private-network application, should I open a separate ticket?

Yes, please open a ticket and post the number here so I can add it to the escalation.

@domjh thank you for flagging this issue. If you could also provide a har file with the support ticket we can take a quick look and escalate with engineering.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.