Trouble bypassing /assets* and /favicon* paths in Zero Trust
Hi all,
I’m trying to set up a Cloudflare Zero Trust policy so that some static files are not protected by Access — specifically:
/assets/*
/favicon*
/site.webmanifest
Right now, these paths still get intercepted by Zero Trust when I deploy. I can’t figure out the right place to configure a “bypass” for them.
Questions:
1. Do I need to create these as separate Access policies with “Bypass” action? If so, where exactly in the dashboard do I add them?
2. Should I be doing this inside the Access → Applications → Policies section, or in the Gateway HTTP policies?
3. For the path syntax — is /assets/* correct, or should I be using something else like .domain.com/assets/?
I just want my main app protected by Zero Trust login, but allow those static files to load publicly without breaking the site.
Any guidance or example screenshots would really help. Thanks!
0 Replies