Require WARP
Cloudflare One enables you to restrict access to your applications to devices running the Cloudflare WARP client. This allows you to flexibly ensure that a user's traffic is secure and encrypted before allowing access to a resource protected behind Cloudflare One.
-
Cloudflare WARP client is deployed on the device. For a list of supported modes and operating systems, refer to WARP Client Checks.
- In Cloudflare One ↗, go to Traffic policies > Traffic settings.
- Ensure that Allow Secure Web Gateway to proxy traffic* is enabled.
- Go to Reusable components > Posture checks.
- In WARP client checks, select Add a check.
- Select WARP, then select Save.
-
In Cloudflare One ↗, go to Access controls > Applications.
-
Locate the application for which you want to require WARP. Select Configure.
-
In the Policies tab, create a new Access policy or edit an existing policy.
-
In the policy builder, add an Include or Require rule which uses the WARP selector. Save the policy.
-
Save the Access application.
Before granting access to the application, the policy will check that the device is running the WARP client.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Directory
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- © 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark