Best channel to go to for Zero Trust help?
Howdy Cloudflare community. What is the best channel to go to for help with setting up Zero Trust applications? I am trying to whitelist a certain range of IP's for a worker I built but it is still redireting it to Cloudflare zero trust deny page.
8 Replies
If there is no specific channel, I think here is fine.
O.k. I am trying to create an Access Application policy:
1. Created a Self-hosted policy:
2. Defined the app name and added in all of the IP address to allow as an INCLUDE and a REQUIRE
3. I have tried it with the default CORS setting and disabled all of the CORS settings and the provider sending data to a webhook I build always get's a 302, when my policy is enabled on my domain:
Basically how do I setup a simple policy to only allow certian IP ranges to my worker (domain in this case)?
Are you sure you need zero trust for this? You can achieve this with the WAF (there are valid use cases where you use ZT for this but just asking)
sorry thought no one would see it here.
Well it's not easy to add WAF to your account :(. I have to "Talk to a sales" person to add it to my account.
just redirects me to some form to fill out
just using what I can enable quickly and apply to my workers.
Every domain has its own WAF settings, you are probably looking at the account/project wide WAF, that is an addon.
Indeed, you should be able to add a WAF rule even to free zones here: https://dash.cloudflare.com/?to=/:account/:zone/security/waf/custom-rules
Bear in mind you can't add a WAF rule (or use ZT) to guard access to .workers.dev domains, so best to disable it (or put an access policy in front of it in the case of Pages)
How do I lock down external access to all *.workers.dev domains? Basically I want to make sure that the world is not able to ping some of my workers, either with the published domain or by the *.worker.dev domain.
workers.dev can be disabled from the dash or from wrangler.toml