Anyone know how in zero trust i can have a policy for a domain, but with exclusions for certain path
Anyone know how in zero trust i can have a policy for a domain, but with exclusions for certain paths that would be accessible to everyone?
EYou can create a new policy with the paths, action of Bypass and selector of Everyone
DIs it possible to calculate a AWS-HMAC-SHA256 signature using a WAF rule?
https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html#create-signature-presign-entire-payload
https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html#create-signature-presign-entire-payload
Authenticate requests using the HTTP authorization header to compute a checksum for smaller payloads.
DHow I can report a typo/bad translation in Cloudflare translations?
DThe new WAF challenge window translation says in my lang something like "Verification you're a human" instead of "Verifying you're a human" (that is the current phrase in english)
DSo it fells weird
ECould you share which language, and what the current & expected translations are? I can pass it along
Dwhy does the
http.request.uri.args["ttl"][0]
KI don’t think so, the WAF doesn’t have access to your R2 tokens
Dall good, I ended up just doing a regular HMAC rule.
Cohm, I can't
Add domain
Thi guys, is there anyway to add
CORP.cloudflareaccess.com
DSpanish.
Current translation:
Verificar que usted es un ser humano
Expected:
Verificando que usted es un ser humano
Current translation:
Verificar que usted es un ser humano
Expected:
Verificando que usted es un ser humano
EThanks!
EI passed this to the challenges team and they will fix the translation, thanks for your help
CIt doesn't work
Edo you have a proxied DNS record?
DDo modified response headers resulting from a transform rule get cached?
Thi guys, how can I add CORP header to
.cloudflareaccess.comrequire-corp.cloudflareaccess.comthis problem used to happen with turnstile but it was fix a while ago
Tit's really inconvenient to force users to goto R2 custom domain.
Clol yea it'd be nice. We don't even have colo name in ruleset engine atm
Dwe actually do have
cf.colo.idyea but not name
Cid is just the numerical number assigned, not the iata airport code
Cyou could potentially make an auto updating redirect rule using that though
DI couldn't figure it out, but couldn't we use lookup_json_string to convert the id to a name?
Cwhat would you be looking up off?
Clike hardcoding the entire json list of colos, and then looking up for region?
Dhmm, doesn't
substring(cf.ray_id, 17)I get
MIAit seems to complain that the json isn't dynamic too
CI think the end problems are the same though, what if it's a brand new colo not in that list?
Csnippets would be a nice solution for this lol, one day
Cnot everything would nicely follow redirects either
Dhmm, is there a function to use that would fallback to a default region?
Cif json lookup worked you could maybe embed the json in both the match and the replace to check if it exists first.
Dbahaha I was thinking that too lol
Cwould need biz or higher though lol
Dah
DI want to ideally stick to pro-only things
Doh, that's an interesting idea
Dhang on
Dcan't I do this with the substring and make it even easier?
Done sec
CI hate how restrictive the ruleset engine is lol
Cso close so being super flexible and then it kneecaps itself
