I dont want to add access policy to a certain subdomain.
for example i have a domain that looks like this -> https://app.mydomain.com
This domain exposes a webhook endpoint -> https://app.mydomain.com/webhook/certain_id
since this is a webhook url i need to make post requests to it or use it otherway but due to access policy i get blocked. So how can i simply say dont run it for this type or url https://app.mydomain.com/webhook
11 Replies
Hello !
I will explain it.
For example, if your access policy is enforced by an API gateway, you can add an exception for webhook requests by adding a rule in the API gateway that whitelists requests coming from the IP addresses that you want to allow.
Hope to do well.
okay it went through my head
Can i simply show you what i have tried to resolve this.
I though this much is enough but i still get blocked.
I also added the policy to App launcher
Hi @Aniket , you can do it this way.
Zero Trust -> Access -> Service Authentication -> Create Service Token
First part completed!
Now let's move to the second part!
Second part...
Create a policy in...
Zero Trust -> Access -> Policies -> Add policy
In the image, you can see the settings.
Here's the third part...
Note: The service token value isn't appearing for me because I haven't created it, but it should appear for you, and you'll need to select it.
Now let's move on to the third part.
Zero Trust -> Access -> Applications -> Add an application
Select the application type; it can be self-hosted or you can choose a customizable one.
The configurations are on thhe screen for viewing.
You can leave the rest of the settings as default.
do i need to add anything to my request endpoint?
how does Cloudflare know which endpoint to block or which to allow using this sevive token
Your question is valid, and I apologize for not including it in the application configuration. Please add your public hostname.
