I have a Tunnel Running in zero trust that is supporting a simple web application. In that application have an allow policy that is set to allow with the settings"
Selector: Everyone Value: Everyone
Require is set to a group, that contains the allowed countries USA and CA.
Basically I want un authenticated access for anyone in US or CA.
When I enable to policy I get the Cloudflare Access screen with the send me a code prompt asking for email authentication.
Please advice, what am I doing wrong.
You should configure this as a Bypass policy, with Include selector instead of Require.
Thanks for the reply.
I think I have it working after a lot of trial an error. I had to create two bypass policies. I used the following in the bypass policy:
I am not really sure how to test this out at the moment, other than removing my country and seeing the block page.
I tried the include setting you mentioned but in my testing I could not get it to work.
What about using a second device with a VPN set to a country outside of USA or CA and see if you can access or if it shows you the blocked page?