In my DNS I have a wildcard domain:
DNS will find the closest match first, which makes sense, so monitoring.tool.example.com will be a match and resolve the given address. But missing.tool.example.com will hit the wildcard route… All good.
Cloudflare Zero Trust / Access doesn't seem to work like this. So *.tool.example.com will always work with any domain. Is there a way to make access rules use the most specific rule and stop processing all subsequent rules?
I would like a catch-all access rule for new apps, but apps with specific rules to be abided by.
So *.tool.example.com might be blocked by auth, but monitoring.tool.example.com might allow anyone on a given IP address.
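
The precedence the post asks for (exact hostname first, then the closest wildcard, then stop) sketched as an added example; it is not part of the original post and is not Cloudflare's implementation or API. The policy table, action names, function names and the 203.0.113.0/24 range are hypothetical values constructed for illustration.

```python
import ipaddress

# Constructed policy table (hypothetical; not Cloudflare's data model).
POLICIES = {
    "*.tool.example.com": {"action": "require_auth"},
    "monitoring.tool.example.com": {"action": "allow_ip",
                                    "cidr": "203.0.113.0/24"},
}

def select_policy(host, policies=POLICIES):
    """Return (pattern, policy) for the most specific match, or None."""
    host = host.lower().rstrip(".")
    if host in policies:
        # An exact hostname always beats any wildcard.
        return host, policies[host]
    labels = host.split(".")
    # Strip leading labels one at a time so the closest wildcard is tried
    # first. Starting at 1 means "*.x" never matches the bare name "x".
    for i in range(1, len(labels)):
        pattern = "*." + ".".join(labels[i:])
        if pattern in policies:
            return pattern, policies[pattern]
    return None

def decide(host, client_ip, authenticated, policies=POLICIES):
    """Evaluate only the selected policy; never fall through to a broader one."""
    match = select_policy(host, policies)
    if match is None:
        return "deny"  # default deny when nothing matches
    _, policy = match
    if policy["action"] == "allow_ip":
        in_range = (ipaddress.ip_address(client_ip)
                    in ipaddress.ip_network(policy["cidr"]))
        return "allow" if in_range else "deny"
    if policy["action"] == "require_auth":
        return "allow" if authenticated else "deny"
    return "deny"  # unknown action: fail closed

if __name__ == "__main__":
    for host, ip, authed in [
        ("monitoring.tool.example.com", "203.0.113.7", False),
        ("monitoring.tool.example.com", "198.51.100.1", True),
        ("missing.tool.example.com", "198.51.100.1", False),
    ]:
        print(host, ip, authed, "->", decide(host, ip, authed))
```

Because evaluation stops at the selected policy, an authenticated user outside the allowed range is still denied on monitoring.tool.example.com rather than being admitted by the wildcard rule.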