All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Security
Security
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

Gateway - Gateway will now evaluate Network policies before HTTP policies from July 14th, 2025

1y ago

Source

CloudflareGateway - Gateway will now evaluate Network policies before HTTP policies from July 14th, 2025cloudflare.com
Snippet from the RSS feed
Gateway will now evaluate Network (Layer 4) policies before HTTP (Layer 7) policies . This change preserves your existing security posture and does not affect which traffic is filtered — but it may impact how notifications are displayed to end users. This change will roll out progressively between July 14–18, 2025 . If you use HTTP policies, we recommend reviewing your configuration ahead of rollout to ensure the user experience remains consistent. Updated order of enforcement Previous order: DNS policies HTTP policies Network policies New order: DNS policies Network policies HTTP policies Action required: Review your Gateway HTTP policies This change may affect block notifications. For example: You have an HTTP policy to block example.com and display a block page. You also have a Network policy to block example.com silently (no client notification). With the new order, the Network policy will trigger first — and the user will no longer see the HTTP block page. To ensure users still receive a block notification, you can: Add a client notification to your Network policy, or Use only the HTTP policy for that domain. Why we’re making this change This update is based on user feedback and aims to: Create a more intuitive model by evaluating network-level policies before application-level policies. Minimize 526 connection errors by verifying the network path to an origin before attempting to establish a decrypted TLS connection. To learn more, visit the Gateway order of enforcement documentation .

You might also wanna read

Comments

Sign in to join the conversation.

No comments yet. Be the first.