Commit 2d46467

committed
session timeout
1 parent c6ad133 commit 2d46467

1 file changed

+35
-0
lines changed

src/content/partials/cloudflare-one/warp/warp-sessions-gateway.mdx

@@ -3,16 +3,51 @@
33

44
---
55

6+
import { TabItem, Tabs } from "~/components";
7+
68
You can enforce WARP session timeouts on any Gateway Network and HTTP policy that has an Allow action. If you do not specify a session timeout, the WARP session will be unlimited by default.
79

810
Session timeouts have no impact on Gateway DNS policies. DNS policies remain active even when a user needs to re-authenticate.
911

1012
To configure a session timeout for a Gateway policy:
1113

14+
<Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">
15+
1216
1. In [Zero Trust](https://one.dash.cloudflare.com/), go to either **Gateway** > **Firewall Policies**. Choose either **Network** or **HTTP**.
1317
2. Add a policy and select the *Allow* action. Alternatively, choose any existing *Allow* policy.
1418
3. Under **Step 4 - Configure policy settings**, select **Edit** next to **Enforce WARP client session duration**.
1519
4. Enter a session expiration time in `1h30m0s` format and save.
1620
5. Save the policy.
1721

22+
</TabItem>
23+
<TabItem label="Terraform (v5)">
24+
25+
1. Add the following permission to your [`cloudflare_api_token`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/api_token):
26+
- `Zero Trust Write`
27+
28+
2. Choose a Network (`l4`) or HTTP (`http`) Allow policy. Use the [`check_session` argument](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/zero_trust_gateway_policy) to enable and configure a session timeout:
29+
30+
```tf
31+
resource "cloudflare_zero_trust_gateway_policy" "network_allow_wiki_IPs" {
32+
name = "Company Wiki Network policy"
33+
enabled = true
34+
account_id = var.cloudflare_account_id
35+
description = "Managed by Terraform - Allow employees to access company wiki IPs."
36+
precedence = 103
37+
action = "allow"
38+
filters = ["l4"]
39+
traffic = "net.dst.ip in ${"$"}${cloudflare_zero_trust_list.wiki_IPs.id}"
40+
identity = "identity.email matches \".*@example.com\""
41+
42+
rule_settings = {
43+
check_session = {
44+
enforce = true
45+
duration = "1h30m0s"
46+
}
47+
}
48+
}
49+
```
50+
</TabItem>
51+
</Tabs>
52+
1853
Session checks are now enabled for the application protected by this policy. Users can continue to reach applications outside of the policy definition.
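
Review bot: the `identity` line in the Terraform example, `identity.email matches \".*@example.com\"`, leaves the dot in `example.com` unescaped and has no end anchor, so as a regular expression it can accept addresses outside example.com (the `.` matches any character). Readers will copy this into a real Allow policy, so please escape the dot and anchor the end of the pattern. On the `traffic` line, the `${"$"}${cloudflare_zero_trust_list.wiki_IPs.id}` construct is easy to mistake for a typo; a sentence under the code block saying that `${"$"}` emits the literal `$` that precedes the list ID would save readers from "fixing" it. Style nit: the opening `<Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">` tags share one line while the closing tags each get their own; splitting the opening pair would match.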
