Public Access
Summary
caution
Because the Public Access setting bypasses authentication and authorization checks, you should enable it only for publicly exposed web services.
The Public Access setting instructs Pomerium to grant unauthorized and unauthenticated access to all requests to the upstream service. If you enable this setting, no other policy should be provided for the route.
robots.txt behavior
By default, Pomerium serves a robots.txt response directly, instructing search engines not to crawl the route domain:
User-agent: *
Disallow: /
For routes with policies that allow public, unauthenticated access, Pomerium will not serve robots.txt directly. Instead, Pomerium will proxy requests for /robots.txt to the upstream service.
How to configure
- Core
- Enterprise
- Kubernetes
| YAML/JSON setting | Type | Default | Usage |
|---|---|---|---|
allow_public_unauthenticated_access | boolean | false | optional |
Examples
allow_public_unauthenticated_access: true
Enable Public Access in the Policy Builder in the Console:
| Annotation name | Type | Default | Usage |
|---|---|---|---|
allow_public_unauthenticated_access | boolean, string | false | optional |
Examples
ingress.pomerium.io/allow_public_unauthenticated_access: 'true'