Clarify behaviour of connectivity.cloudflareclient.com

[jamie-sandbox]

Existing documentation URL(s)

https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/firewall/#connectivity-check

What changes are you suggesting?

The documentation states that connectivity.cloudflareclient.com performs a check inside the WARP tunnel, and therefore does not need to be whitelisted on the firewall.

However, we are seeing thousands of requests to connectivity.cloudflareclient.com in the logs of our corporate proxy server, implying that connections are following the system proxy settings and are not going through the WARP tunnel all of the time.

This has been observed both in full WARP and DoH-only modes.

Please can the expected behaviour be clarified? Should we add connectivity.cloudflareclient.com to our PAC file to force it to bypass the proxy server?

Additional information

No response

[Tinubu1234]

Please help me open my u

[deadlypants1973]

@jamie-sandbox we answered your query about connectivity.cloudflareclient.com here: #16062. The dev docs are correct in their current state and you shouldn't have to worry about this functionality, but if there's a specific goal you have in mind, could you share that goal or could you close this issue and file a support ticket?

[jamie-sandbox]

@deadlypants1973 Thanks for your response however this needs to be re-opened.

As stated in my original description, we are seeing lots of connections which are going outside of the tunnel (contrary to what the documentation would suggest).

We need clarification of:

a) Is this intentional, or a bug? (I suspect this is a bug)

b) If it is intentional, do we need to exempt this on our PAC file? Or is it acceptable for the connectivity checks to go through a corporate proxy?

It would be good if the documentation could reference this and state what the expected behaviour and configuration is.