Skip to content

Commit 26318f0

Browse files
maxvpsdnts
maxvp
authored and
sdnts
committed
Add help.one domain to global policies (cloudflare#23616)
1 parent 788e2f2 commit 26318f0

File tree

1 file changed

+11
-11
lines changed

1 file changed

+11
-11
lines changed

src/content/docs/cloudflare-one/policies/gateway/global-policies.mdx

Lines changed: 11 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -13,14 +13,14 @@ The following policies are sorted by [order of precedence](/cloudflare-one/polic
1313

1414
## Network proxy policies
1515

16-
| Name | ID | Criteria | Value | Action | Description |
17-
| ---------------------------------- | -------------------------------------- | -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | --------------------------------------------------------------------------------------------------------------------------------------------- |
18-
| Allow CF Network Error Logging L4 | `00000001-e4af-4b82-8f8c-c79c1d5d212e` | Hostname | `*.nel.cloudflare.com` | allow | Allows SNI domains for WARP registration. |
19-
| Allow CF Client | `00000001-8c3d-4e27-a01b-af8418000077` | Hostname | `*.cloudflareclient.com` | allow | Allows Zero Trust client. |
20-
| Allow Gateway Proxy PAC | `00000001-776e-438d-9856-987d7053762b` | Hostname | `*.cloudflare-gateway.com` | allow | Allows Gateway proxy with [PAC files](/cloudflare-one/connections/connect-devices/agentless/pac-files/). |
21-
| Allow Zero Trust Services | `00000001-e1e8-421b-a0fe-895397489f28` | Hostname | `dash.teams.cloudflare.com`, `help.teams.cloudflare.com`, `blocked.teams.cloudflare.com`, `api.cloudflare.com`, `cloudflarestatus.com`, `www.cloudflarestatus.com`, and `one.dash.cloudflare.com` | allow | Allows Cloudflare Zero Trust services. |
22-
| Allow Access Apps L4 | `00000001-daa2-41e2-8a88-698af4066951` | Hostname | `*.cloudflareaccess.com` | allow | Allows [Cloudflare Access](/cloudflare-one/policies/access/) applications. |
23-
| Allow Browser-rendered Access Apps | `00000001-1f93-4476-8f92-9aa4407d1c5f` | Hostname | `*.zero-trust-apps.cfdata.org` | allow | Allows Cloudflare Access terminal applications [rendered in a browser](/cloudflare-one/applications/non-http/browser-rendering/#ssh-and-vnc). |
16+
| Name | ID | Criteria | Value | Action | Description |
17+
| ---------------------------------- | -------------------------------------- | -------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | --------------------------------------------------------------------------------------------------------------------------------------------- |
18+
| Allow CF Network Error Logging L4 | `00000001-e4af-4b82-8f8c-c79c1d5d212e` | Hostname | `*.nel.cloudflare.com` | allow | Allows SNI domains for WARP registration. |
19+
| Allow CF Client | `00000001-8c3d-4e27-a01b-af8418000077` | Hostname | `*.cloudflareclient.com` | allow | Allows Zero Trust client. |
20+
| Allow Gateway Proxy PAC | `00000001-776e-438d-9856-987d7053762b` | Hostname | `*.cloudflare-gateway.com` | allow | Allows Gateway proxy with [PAC files](/cloudflare-one/connections/connect-devices/agentless/pac-files/). |
21+
| Allow Zero Trust Services | `00000001-e1e8-421b-a0fe-895397489f28` | Hostname | `dash.teams.cloudflare.com`, `help.teams.cloudflare.com`, `blocked.teams.cloudflare.com`, `api.cloudflare.com`, `cloudflarestatus.com`, `www.cloudflarestatus.com`, `one.dash.cloudflare.com`, and `help.one.cloudflare.com` | allow | Allows Cloudflare Zero Trust services. |
22+
| Allow Access Apps L4 | `00000001-daa2-41e2-8a88-698af4066951` | Hostname | `*.cloudflareaccess.com` | allow | Allows [Cloudflare Access](/cloudflare-one/policies/access/) applications. |
23+
| Allow Browser-rendered Access Apps | `00000001-1f93-4476-8f92-9aa4407d1c5f` | Hostname | `*.zero-trust-apps.cfdata.org` | allow | Allows Cloudflare Access terminal applications [rendered in a browser](/cloudflare-one/applications/non-http/browser-rendering/#ssh-and-vnc). |
2424

2525
## HTTP inspection policies
2626

@@ -29,7 +29,7 @@ The following policies are sorted by [order of precedence](/cloudflare-one/polic
2929
| Prevent Account Change Block | `00000001-d1f2-461a-8253-501c8d882a15` | Hostname | `*.cloudflareclient.com` | bypass | Ensures users cannot accidentally block themselves from making account changes. |
3030
| Bypass RBI Assets | `00000001-df61-4068-aa6c-0f684c3cd4e6` | Hostname | `*.content.browser.run` | bypass | Required for [Browser Isolation](/cloudflare-one/policies/browser-isolation/). |
3131
| Inspect RBI Urls | `00000001-3faa-4f59-98d4-0f6d6af4b6d0` | Hostname | `*.edge.browser.run` and `*.cloudflarebrowser.com` | bypass | Required for Browser Isolation. |
32-
| Allow Gateway Help Page | `00000001-8e9a-4429-b3c2-d267d0ce6114` | Hostname | `help.teams.cloudflare.com` | allow | Used by the WARP client to check if Gateway is on by inspecting the certificate and checking if it is properly installed on the client device. |
32+
| Allow Gateway Help Page | `00000001-8e9a-4429-b3c2-d267d0ce6114` | Hostname | `help.teams.cloudflare.com` and `help.one.cloudflare.com` | allow | Used by the WARP client to check if Gateway is on by inspecting the certificate and checking if it is properly installed on the client device. |
3333
| Bypass Gateway DNS | `00000001-d9c0-46b0-8704-2ea5b9d7bdfc` | Hostname | `*.cloudflare-gateway.com` | bypass | Ensures requests to the `cloudflare-gateway.com` DNS endpoint will not be inspected. |
3434
| Bypass CF Status | `00000001-5399-4b71-a9fc-d4d90ccf0758` | Hostname | `*.cloudflarestatus.com` | bypass | Bypasses `cloudflarestatus.com` so users can reach the status page in case of a Gateway outage. |
3535
| Bypass CF Network Error Logging | `00000001-dfe0-4737-8d1e-8191e8f637df` | Hostname | `*.nel.cloudflare.com` | bypass | Bypasses `*.nel.cloudflarestatus.com` for Cloudflare's network error logging feature. |
@@ -57,8 +57,8 @@ For each of the domains above, Gateway enforces global DNS and resolver policies
5757
| Resolve content.browser.run through 1.1.1.1 | `00000001-0df5-472b-80c0-02888e7167ee` | `content.browser.run` | resolve |
5858
| Allow DNS queries for edge.browser.run and cloudflarebrowser.com domains | `00000001-e2f1-4e99-bab3-91df88879587` | `edge.browser.run` and `cloudflarebrowser.com` | allow |
5959
| Resolve edge.browser.run and cloudflarebrowser.com through 1.1.1.1 | `00000001-b103-44c6-a114-7a784cdf3fb7` | `edge.browser.run` and `cloudflarebrowser.com` | resolve |
60-
| Allow DNS queries for help.teams.cloudflare.com domain | `00000001-b2fc-46db-b0f1-69ef3553bd7a` | `help.teams.cloudflare.com` | allow |
61-
| Resolve help.teams.cloudflare.com through 1.1.1.1 | `00000001-ce13-486a-b006-ba0435ccb013` | `help.teams.cloudflare.com` | resolve |
60+
| Allow DNS queries for help.teams.cloudflare.com domain | `00000001-b2fc-46db-b0f1-69ef3553bd7a` | `help.teams.cloudflare.com` and `help.one.cloudflare.com` | allow |
61+
| Resolve help.teams.cloudflare.com through 1.1.1.1 | `00000001-ce13-486a-b006-ba0435ccb013` | `help.teams.cloudflare.com` and `help.one.cloudflare.com` | resolve |
6262
| Allow DNS queries for cloudflare-gateway.com domain | `00000001-e83d-492b-995e-351970cd5e8e` | `cloudflare-gateway.com` | allow |
6363
| Resolve cloudflare-gateway.com through 1.1.1.1 | `00000001-d9bc-4913-a2f5-905dbb3ecf9a` | `cloudflare-gateway.com` | resolve |
6464
| Allow DNS queries for cloudflarestatus.com domain | `00000001-78da-4f8a-b9ee-76563f1ec46b` | `cloudflarestatus.com` | allow |

0 commit comments

Comments
 (0)