r/CloudFlare: Cloudflare Access and Warp/Gateway/Teams Policy

This article archives a conversation, which took place in a subreddit post (original source linked below) and to which I contributed a solution or answer (with the u/MasterofSynapse handle), in a Q&A format.

Original Reddit post: https://www.reddit.com/r/CloudFlare/comments/y5gpos/cloudflare_access_and_warpgatewayteams_policy/

Question

Hi there folks,

I am trying to secure a locally hosted website using Cloudflare Access. I created the tunnel and the corresponding hostname. This all works like it should.

The next thing I did was to create an application on top of it, using an allow policy with mails ending with @mydomain.com and one-time PIN as authentication. This is also working.

I have an app that has to connect to this website without authentication. So I installed the Warp client on my Android phone and enrolled it into Gateway/Zero Trust/Teams. I went into the Warp client menu and added device posture checks for Warp, Gateway and Android version.

Then I created a bypass policy for this application, if the connection is made via Gateway.

If I access the Teams -> Devices site on the Zero Trust dashboard, I see the enrolled device and the completed posture check for Android version. But nothing from Warp or Gateway, even if the phone is connected. Checked via https://cloudflare.com/cdn-cgi/trace and warp and gateway are on.

But if I try to access this website via the phone connected to Gateway, I still get the time PIN login and the app is not able to connect.

I disabled QUIC/HTTP3 for the domain, there are no split tunnels configured, so everything is going through Cloudflare.

Is there anything I am missing? Thanks!!!

Answer

Instead of going through the public hostname for your Android app, you could also add the IP of the local webserver to the Tunnel as a private endpoint and let your app access that directly. This circumvents the authentication of the Access Application, so you won't need a bypass action.