Public Access
Summary
caution
Because the Public Access setting bypasses authentication and authorization checks, you should enable it only for publicly exposed web services.
The Public Access setting instructs Pomerium to grant unauthorized and unauthenticated access to all requests to the upstream service. If you enable this setting, no other policy should be provided for the route.
Robots.txt behavior
By default, Pomerium serves a robots.txt response directly, instructing search engines not to crawl the route domain:
User-agent: *
Disallow: /
For routes with allow_public_unauthenticated_access
enabled, Pomerium will not serve robots.txt directly. Instead, requests for /robots.txt
will be proxied to the upstream service.
How to configure
- Core
- Enterprise
- Kubernetes
YAML/JSON setting | Type | Default | Usage |
---|---|---|---|
allow_public_unauthenticated_access | boolean | false | optional |
Examples
allow_public_unauthenticated_access: true
Enable Public Access in the Policy Builder in the Console:
Annotation name | Type | Default | Usage |
---|---|---|---|
allow_public_unauthenticated_access | boolean , string | false | optional |
Examples
ingress.pomerium.io/allow_public_unauthenticated_access: 'true'