Zero Trust Gateway API Bug "app.ids" ends up as "app.hosts_ids"

j3m · February 18, 2025, 9:19pm

For Workers & Pages, what is the name of the domain?

n/a

What is the issue or error you’re encountering

POST to the API using “app.ids” results in a rule using “app.hosts_ids” which is not manageable from the UI

What steps have you taken to resolve the issue?

Tried Python and Curl. Both have the same result

What are the steps to reproduce the issue?

Example CURL script where you can see in traffic I am using app.ids to create a Gateway HTTP Bypass Policy

#!/bin/bash

# Set your account ID and API token
account_id="ACCT_ID"
api_token="TOKEN"

curl --request POST \
  --url "https://api.cloudflare.com/client/v4/accounts/${account_id}/gateway/rules" \
  --header 'Content-Type: application/json' \
  --header "Authorization: Bearer ${api_token}" \
  --data '{
    "name": "Bypass Microsoft 365 Test",
    "enabled": true,
    "action": "off",
    "filters": ["http"],
    "traffic": "any(app.ids[*] in {626 594 635 514 601 596 597 680})"
}'

The output you can see below where traffic has been changed to app.hosts_ids causing the rule to error in the UI with this warning:

Back end only selector ‘app.hosts_ids’ and ‘app.supports_ids’ are not manageable from the UI. Please use ‘app.ids’ instead to manage this rule from the dashboard. Your policy works as expected, but uses features unavailable in the dashboard. Use the Cloudflare API or Terraform to update this policy.

I need to know these rules work correctly and they can be edited from the UI when required.

{
  "result": {
    "id": "UNIQUE_ID",
    "name": "Bypass Microsoft 365 Test",
    "description": "",
    "precedence": 65679,
    "enabled": true,
    "action": "off",
    "filters": [
      "http"
    ],
    "created_at": "2025-02-18T21:02:27Z",
    "updated_at": "2025-02-18T21:02:27Z",
    "deleted_at": null,
    "traffic": "any(app.hosts_ids[*] in {626 594 635 514 601 596 597 680})",
    "identity": "",
    "device_posture": "",
    "version": 1,
    "rule_settings": {
      "block_page_enabled": false,
      "block_reason": "",
      "override_ips": null,
      "override_host": "",
      "l4override": null,
      "biso_admin_controls": null,
      "add_headers": null,
      "ip_categories": false,
      "ip_indicator_feeds": false,
      "check_session": null,
      "insecure_disable_dnssec_validation": false
    }
  },
  "success": true,
  "errors": [],
  "messages": []
}

Screenshot of the error

MariG · February 25, 2025, 2:26pm

Hi there,

I see that you’ve opened a case, and my colleague is already analyzing it. They’ll provide you with an update soon!

j3m · March 3, 2025, 8:58pm

@MariG any update on the case?

Topic		Replies	Views
Code 7000 on Zero Trust API (No route for that URI) API	3	95	January 3, 2025
[Bug] Suddenly can't manage firewall policies on any my private and business accounts Gateway	1	982	April 2, 2023
Gateway Bypass showing in logs, no matching policy Gateway	1	1567	April 13, 2022
Cloudflare Access Question - Allow Access on premise Access	8	4516	February 6, 2021
403 when use bypass allowlisted IP policy Access	7	2360	September 6, 2024