Hi! We are trying to add Cloudflare zero trust authentication to our internal application's endpoints. We added Retool's cloud ip addresses to a bypass list, so those specific IP addresses will bypass our Cloudflare authentication.
Are the Retool IP addresses serving our Retool apps accurate? Can someone help check what IP address our Retool apps are being served on?
Thanks!
Unable to edit, but the issue is that when our Retool app calls the endpoint, it hits our Cloudflare authentication instead of bypassing.
Hello @christina-ppl!
If you added in all of those IP addresses from the doc that you linked then you should be good. I am confused why the requests are still hitting your Cloudflare auth 
What region are you in? I think those listed are for North America, with the first one listed potentially being the Euro IP address(waiting to hear back on confirmation) but I am not sure if that list also includes our APAC cloud server as well.
Are you able to view the incoming request data to see if there is an IP origin address for the requests that are hitting your auth?
Hi Jack, thanks for responding and confirming the validity of the IP addresses! We played around with our Retool configuration a bit more, and we extracted our Cloudflare auth cookies incorrectly. We are now able to gate to the Retool IP addresses correctly
No problem!
Glad the issue was resolved 
Sounds like Cloudflare is being a bit too strict with filtering. I’ve seen this happen when certain security features block requests even from legit sources. If you’ve already added the listed IPs and it’s still not working, try checking Cloudflare’s event logs to see if any specific rule is causing the block. I once had a similar issue that was mistakenly flagged like an ipstresser attack, and whitelisting helped fix it.