Set up HTTP filtering
Secure Web Gateway allows you to inspect HTTP traffic and control which websites users can visit.
1. Connect to Gateway
To filter HTTP requests from a device:
- Install the Cloudflare root certificate on your device.
- Install the WARP client on your device.
- In the WARP client Settings, log in to your organization’s Zero Trust instance.
- Enable the Gateway proxy for TCP. Optionally, you can enable the UDP proxy to inspect all port 443 UDP traffic.
- To inspect HTTPS traffic, enable TLS decryption.
2. Verify device connectivity
- In Zero Trust, go to Settings > Network.
- Under Gateway logging, enable activity logging for all HTTP logs.
- On your device, open a browser and visit any website.
- In Zero Trust, go to Logs > Gateway > HTTP.
- Make sure you see HTTP queries from your device.
3. Add recommended policies
To create a new HTTP policy, go to Gateway > Firewall Policies > HTTP in Zero Trust. We recommend adding the following policies:
Bypass inspection for incompatible applications
Bypass HTTP inspection for applications which use embedded certificates. This will help avoid any certificate pinning errors that may arise from an initial rollout.
Selector | Operator | Value | Action |
---|---|---|---|
Application | in | Do Not Inspect | Do Not Inspect |
Block all security categories
Block known threats such as Command & Control, Botnet and Malware based on Cloudflare’s threat intelligence.
Selector | Operator | Value | Action |
---|---|---|---|
Security categories | in | All security risks | Block |
4. Add optional policies
Refer to our list of common HTTP policies for other policies you may want to create.