Cloudflare Developers•3y ago

Yeah you can stick JWT on requests. Which is why you should always validate JWT

CCyb3r-Jak3 Yeah you can stick JWT on requests. Which is why you should always validate JWT

dave•9/6/23, 7:19 PM

wait, seriously? So having a JWT will bypass all my Access rules?

Ddave wait, seriously? So having a JWT will bypass all my Access rules?

Cyb3r-Jak3OP•9/6/23, 7:20 PM

Oh sorry misread it. Access rules valid JWTs

CCyb3r-Jak3 Oh sorry misread it. Access rules valid JWTs

dave•9/6/23, 7:27 PM

if the JWT is valid but the IP isn't in my service auth list, it'll still fail right?

Ddave if the JWT is valid but the IP isn't in my service auth list, it'll still fail r...

Cyb3r-Jak3OP•9/6/23, 7:37 PM

Yeah the full access rule will be evaluated

Chaika•9/6/23, 7:39 PM

There's a table here for things that are checked at login vs checked continuously: https://developers.cloudflare.com/cloudflare-one/policies/access/#selectors

Access policies · Cloudflare Zero Trust docs

Cloudflare Access determines who can reach your application by applying the Access policies you configure.

Chaika•9/6/23, 7:40 PM

don't think there's anything unexpected in that though, basically just the login stuff isn't constantly checked, or external eval, because you would have to go through the flow again

Chaika•9/6/23, 7:42 PM

in the access app settings as well you can enable a "binding cookie" which associates the access token with the current "browser": https://developers.cloudflare.com/cloudflare-one/identity/authorization-cookie/#binding-cookie

The Binding Cookie associates the browser with the Access token; the association protects against compromised authorization tokens because the origin webapp would never see this binding cookie. This protects against session hijack style attacks.

Kasumi•9/6/23, 9:56 PM

Does cloudflare preload from CF cache and then load small changes or so like blog things or so as soon as the page is loaded?

conqr ᯅ•9/7/23, 12:41 AM

Is the

host

host

parameter on Origin Rules locked behind a specific plan? I'm getting "not entitled to use the Origin Host override" when trying to edit it

kian•9/7/23, 12:41 AM

Yep, Enterprise

conqr ᯅ•9/7/23, 12:43 AM

Is there another way to internally rewrite something like example.com/blogexample.com/blog to another IP / host (like blog.example.comblog.example.com)

kian•9/7/23, 12:44 AM

Workers can (100k reqs per day for free), Snippets will be able to (free, lightweight Workers but not yet available)

Kkian Workers can (100k reqs per day for free), Snippets will be able to (free, lightw...

conqr ᯅ•9/7/23, 12:50 AM

Workers Route right?

CChaika There's a table here for things that are checked at login vs checked continuousl...

dave•9/7/23, 1:37 AM

Thank you, exactly what I was looking for!

justaname•9/7/23, 2:15 AM

I have this really odd question if i got an api setup on something like test.com/api/endpoint can a domain like api.test.com/endpoint point twoards test.com/api/endpoint? is that something thats possible?

Kasumi•9/7/23, 5:08 AM

Could be possible I guess

Soham•9/7/23, 7:32 AM

If I have a certificate installed by my school to access the WiFi, can that see my traffic if I have warp enabled?

Soham•9/7/23, 7:37 AM

Oof warp doesn't connect when on school WiFi, any info on how to workaround that

Soham•9/7/23, 7:37 AM

Getting captive portal connection failed

SSoham Oof warp doesn't connect when on school WiFi, any info on how to workaround that

Hello, I’m Allie!•9/7/23, 7:46 AM

Turn on a VPN?

Kasumi•9/7/23, 7:49 AM

lmao

HHello, I’m Allie!Turn on a VPN?

Kasumi•9/7/23, 7:50 AM

Some schools have a good cisco DNS Server. They detect and block VPN's or other websites where you can bypass the DNS block

KKasumi Some schools have a good cisco DNS Server. They detect and block VPN's or other ...

Hello, I’m Allie!•9/7/23, 7:54 AM

Does that work if you run your own VPN?

HHello, I’m Allie!Does that work if you run your own VPN?

Kasumi•9/7/23, 7:56 AM

As long as its behind a Cloudflare Zero Trust prob. or not visible then you can prob. bypass it else they will ban it soon

Kasumi•9/7/23, 7:56 AM

Or not behind a CF Zero Trust idk its very long ago

Kasumi•9/7/23, 7:57 AM

~1-2 Years

Kasumi•9/7/23, 8:13 AM

someone know whats wrong there?

KKasumi someone know whats wrong there?

Hello, I’m Allie!•9/7/23, 8:16 AM

Firefox has it's own CA Store

Setting Up Certificate Authorities (CAs) in Firefox | Firefox fo...

Learn how to set up certificate authorities in Firefox Enterprise.

Kasumi•9/7/23, 8:17 AM

I dont have files in the docs

Kasumi•9/7/23, 8:23 AM

Had to enable the security.enterprise_roots.enabled flag

Soham•9/7/23, 8:33 AM

Isn't warp a VPN?

SSoham Isn't warp a VPN?

Hello, I’m Allie!•9/7/23, 8:33 AM

Sort of, not really

Soham•9/7/23, 8:41 AM

Dam

KKasumi Some schools have a good cisco DNS Server. They detect and block VPN's or other ...

Soham•9/7/23, 8:51 AM

Yeah my school uses sophos which I guess blocks all VPN kind of stuff because my nordvpn isn't working either

Kasumi•9/7/23, 8:53 AM

Yes

HHello, I’m Allie!Sort of, not really

Kasumi•9/7/23, 8:53 AM

It hides IP so its for me a VPN AYS_WobblesLaugh

Kasumi•9/7/23, 8:54 AM

Are there currently problems with zero Trust or did I messed up something yesterday. Because I cant install Vistual Studio staff

Kasumi•9/7/23, 8:57 AM

Uhm prob. false alarm by Cloudflare?

Kasumi•9/7/23, 8:59 AM

Our Team: Why we dont have access to this page 0271cat_cry

The Systemadministraiton: Hah, noobs
Our Team Now: Hah, noobs

Jotaro•9/7/23, 9:07 AM

Warp is working really slowly from a past few days on my laptop is there any way I can fix it ?

JJotaro Warp is working really slowly from a past few days on my laptop is there any way...

Kasumi•9/7/23, 9:11 AM

Normal warp or ZT warp?

Jotaro•9/7/23, 9:11 AM

normal warp

Jotaro•9/7/23, 9:12 AM

the speed is like fluctuating a lot

Jotaro•9/7/23, 9:12 AM

and it usually is below 1mpbs

Kasumi•9/7/23, 9:12 AM

hm prob. isp

Jotaro•9/7/23, 9:13 AM

fr ?

Kasumi•9/7/23, 9:13 AM

idk

Jotaro•9/7/23, 9:13 AM

i mean i tried different ones and still the response is same

Kasumi•9/7/23, 9:13 AM

Kasumi•9/7/23, 9:14 AM

Weird. The only time where our ZT Warp is slowly is when we upload very very much, download things, beeing in 2-3 ssh shells in "local" Network and yea

Yeah you can stick JWT on requests. Which is why you should always validate JWT

Similar Threads

Similar Threads

Similar Threads