Wordpress & Zero Trust Access & Bypass for Ajax Requests


I have set up a CF Zero Trust Access application for https://www.lilakaro.com/wp-admin. Works fine.
However, I have the issues that the plugin CusRev (Customer Reviews) needs to access https://www.lilakaro.com/wp-admin/admin-ajax.php to post the reviews into the Wordpress backend.
Therefore, I created a Bypass rule for IP range provided by CusRev plugin support.

However, I can see there is an issue with the admin ajax on my site when submitting the review, screenshot https://imgur.com/Xqcshye.

Does anyone know how to set up the bypass rule properly? Obviously the one I created seems not to work.

Thanks a lot for your help.


Your ZT Access Bypass rule is working fine, otherwise you’d get a 302 Redirect to the authentication page, or a 403 Forbidden. Instead, the request on the screenshot received a 401, which is typically a WordPress response having to do with authentication. Check your plugins settings to see what exactly is returning the 401.