Cloudflare Access wildcard logic change
In case you are using Cloudflare Zero Trust with wildcards, and have missed this note from the company:
You are receiving this email because your account has an Access Application with a wildcard definition that will begin to cover more URL combinations. We are updating our wildcard behavior in Cloudflare Access for wildcards at the end of a path not following a slash character (e.g. example.com/text*). If no action is taken before April 20th, 2023, an Access login screen will be presented for additional path combinations.
Current Access Application behavior
After April 20th, 2023 at 20:00 UTC, all three path combinations will be covered by Access. If you would like to exempt specific paths from Access, a Bypass policy can be configured.
How to identify impacted Access Applications
To identify which Access Applications will be impacted by this change, please open the Zero Trust Dashboard, navigate to Access→Applications and search for the * character. This will highlight any applications that may require modification.
I consider this to be the logical way the wildcard should work - as it should have been from the start.
I've updated my Cloudflare Zero Trust article - as this wildcard function was one of my complaints.
Relja of House Novović, the First of His Name, King of the Plains, the Breaker of Chains, WirMach Wolves pack member
BikeGremlin's web-hosting reviews