Skip to content

[CF1] CWI step 3 expansion #22664

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Jun 4, 2025
Merged

[CF1] CWI step 3 expansion #22664

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
380527a
[CF1] CWI step 3 expansion
deadlypants1973 May 26, 2025
c26cd37
final edit
deadlypants1973 May 30, 2025
9b0ca1c
Update src/content/docs/cloudflare-one/policies/browser-isolation/set…
deadlypants1973 Jun 4, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
65 changes: 39 additions & 26 deletions ...loudflare-one/policies/browser-isolation/setup/clientless-browser-isolation.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,18 +3,31 @@ pcx_content_type: concept
title: Clientless Web Isolation
sidebar:
order: 5

---

import { GlossaryTooltip, Render } from "~/components"
import { GlossaryTooltip, Render } from "~/components";

Clientless Web Isolation allows users to securely browse high risk or sensitive websites in a remote browser without having to install the Cloudflare WARP client on their device.

## Set up Clientless Web Isolation

<Render file="clientless-browser-isolation" />

3. To configure permissions, select **Manage**. You can add authentication methods and [rules](/cloudflare-one/policies/access/) to control who can access the remote browser.
3. To configure permissions, in **Setting** > **Browser Isolation**> select **Manage** next to Permissions. You can add authentication methods and [rules](/cloudflare-one/policies/access/) to control who can access the remote browser.

4. Under **Policies** > Access Policies > select **Create new policy**.

5. Name your policy and define who will have access to your isolated application. Refer to the [Access policy documentation](/cloudflare-one/policies/access/#actions) to construct your policy.

6. Under **Additional settings**, toggle the **Isolate application** on to enable your application to be served in an isolated browser for users matching your policy.
Copy link
Contributor

@jroyal jroyal May 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This part is only necessary if you are doing it for apps through the normal Access part of the dash. For the clientless BISO application its not needed.

Copy link
Contributor

@jroyal jroyal May 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To clarify.

Setting > Browser Isolation> select Manage next to Permissions. This does not require the isolate setting in Access policies. It is managing the login page for .cloudflareaccess.com/browser.

If you enable the isolate toggle in a policy and include that policy on a normal self-hosted application then we will isolate that for all users that match that policy.


7. Select **Save**.

8. Under **Policies** > Access Policies > select **Select existing policies** and select the policy or policies you created in the previous step > select **Confirm**.

9. At the bottom of the page, select **Save**.

Your application will now be served in an isolated browser for users matching your policies.

## Filter DNS queries

Expand Down Expand Up @@ -121,33 +134,33 @@ If you want to isolate a website without Cloudflare WARP installed, you will nee
```html
<!DOCTYPE html>
<html>
<head>
<title>Redirecting website to a remote browser</title>
<script>
window.location.href =
"https://<your-team-name>.cloudflareaccess.com/browser/<URL>}";
</script>
<noscript>
<meta
http-equiv="refresh"
content="0; url=https://<your-team-name>.cloudflareaccess.com/browser/<URL>"
/>
</noscript>
</head>
<body>
<p>
This website is being redirected to a remote browser. Select
<a href="https://<your-team-name>.cloudflareaccess.com/browser/<URL>"
>here</a
>
if you are not automatically redirected.
</p>
</body>
<head>
<title>Redirecting website to a remote browser</title>
<script>
window.location.href =
"https://<your-team-name>.cloudflareaccess.com/browser/<URL>}";
</script>
<noscript>
<meta
http-equiv="refresh"
content="0; url=https://<your-team-name>.cloudflareaccess.com/browser/<URL>"
/>
</noscript>
</head>
<body>
<p>
This website is being redirected to a remote browser. Select
<a href="https://<your-team-name>.cloudflareaccess.com/browser/<URL>"
>here</a
>
if you are not automatically redirected.
</p>
</body>
</html>
```

## Troubleshooting

Review troubleshooting guidance related to Clientless Web Isolation.

- [Clientless Web Isolation is loading a blank screen on a Windows device](/cloudflare-one/faq/troubleshooting/#clientless-web-isolation-is-loading-with-a-blank-screen-on-a-windows-device)
- [Clientless Web Isolation is loading a blank screen on a Windows device](/cloudflare-one/faq/troubleshooting/#clientless-web-isolation-is-loading-with-a-blank-screen-on-a-windows-device)
2 changes: 1 addition & 1 deletion src/content/docs/cloudflare-one/policies/browser-isolation/setup/index.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ sidebar:
label: Get started
---

Browser Isolation is enabled through Secure Web Gateway HTTP policies. By default, no traffic is isolated until you have added an Isolate policy to your HTTP policies.
Browser Isolation is enabled through [Secure Web Gateway HTTP policies](/cloudflare-one/policies/gateway/http-policies/). By default, no traffic is isolated until you have added an Isolate policy to your HTTP policies.

## 1. Connect devices to Cloudflare

Expand Down