Trouble bypassing /assets* and /favicon* paths in Zero Trust
Hi all,
I’m trying to set up a Cloudflare Zero Trust policy so that some static files are not protected by Access — specifically:
/assets/*
/favicon*
/site.webmanifest
Right now, these paths still get intercepted by Zero Trust when I deploy. I can’t figure out the right place to configure a “bypass” for them.
Questions:
Any guidance or example screenshots would really help. Thanks!
I’m trying to set up a Cloudflare Zero Trust policy so that some static files are not protected by Access — specifically:
/assets/*
/favicon*
/site.webmanifest
Right now, these paths still get intercepted by Zero Trust when I deploy. I can’t figure out the right place to configure a “bypass” for them.
Questions:
- Do I need to create these as separate Access policies with “Bypass” action? If so, where exactly in the dashboard do I add them?
- Should I be doing this inside the Access → Applications → Policies section, or in the Gateway HTTP policies?
- For the path syntax — is /assets/* correct, or should I be using something else like .domain.com/assets/?
Any guidance or example screenshots would really help. Thanks!
