# general-discussions
- e
Erisa | Support Engineer
05/25/2023, 3:03 PMthough its a little difficult to find the tags without knowing an existing post that has one - x
xtc
05/25/2023, 3:03 PMyea also I think it's not consistent - x
xtc
05/25/2023, 3:03 PMfor example, https://blog.cloudflare.com/tag/d1/ - x
xtc
05/25/2023, 3:04 PMnot seeing this: https://blog.cloudflare.com/d1-turning-it-up-to-11/ - e
Erisa | Support Engineer
05/25/2023, 3:04 PMhmm yeah looks like nobody tagged that post with d1 🙁 i wonder why - x
Xerud
05/25/2023, 3:04 PMguys please fix it asap, as alot of Plarium RAID players raging on their channel. Of course i am ironic 🤣https://cdn.discordapp.com/attachments/909458221419356210/1111308824251486289/image.png▾
- x
xtc
05/25/2023, 3:06 PMgonna be a CF side project if I don't find anything or someone doesn't beat me to it 😅 - s
sathoro
05/25/2023, 3:24 PMcan automate it with GPT, it's very good with categorizing posts. I've hooked it up to the WP API and had it auto tag hundreds of posts before - s
sathoro
05/25/2023, 3:30 PMyou can't bypass Access with a header value? 😦 - c
Chaika
05/25/2023, 3:30 PM - s
sathoro
05/25/2023, 3:32 PMohh interesting - c
Chaika
05/25/2023, 3:32 PMIf you're using it with CF Tunnels/any application that validates the JWT Access Sends, make sure to use "Service Auth" rather then "Bypass". Bypass literally bypasses Access and falls back to zone security stuff, no jwt included. Service Auth goes through the flow without an identity and sends a jwt. If you're using Tunnels with the Access setting, and use Bypass, you'll get a blank screen with a 403 - s
sathoro
05/25/2023, 3:33 PMah we are just putting it in front of Pages to hide our staging sites - s
sathoro
05/25/2023, 3:33 PMso I think Bypass is fine? - c
Chaika
05/25/2023, 3:35 PMwouldn't break anything if you used it. I warn people about that because it's confusing when you hit it lol. In a perfect world you'd validate the jwt eitherway, but if it's just staging sites I'm guessing it's not the biggest thing to protect - s
sathoro
05/25/2023, 3:37 PMhmm I don't understandhttps://cdn.discordapp.com/attachments/909458221419356210/1111317206911942727/image.png▾
- s
sathoro
05/25/2023, 3:38 PMall I did was select Bypass then add the Service Token - s
sathoro
05/25/2023, 3:41 PMI will try just adding it as an Include to an existing Policy? - c
Chaika
05/25/2023, 3:42 PMService tokens won't work in an Allow policy - s
sathoro
05/25/2023, 3:43 PMyeah it didn't work - s
sathoro
05/25/2023, 3:43 PMany idea why I get that error? - s
sathoro
05/25/2023, 3:44 PMit is just a new Bypass policy with a single Include - c
Chaika
05/25/2023, 3:45 PMahh opps, you can only use Service Tokens with the Service Auth policy - c
Chaika
05/25/2023, 3:45 PMfor some reason I thought you could use them with bypass alone - c
Chaika
05/25/2023, 3:45 PMshouldn't matter in reality though, just use the Service Auth action - s
sathoro
05/25/2023, 3:46 PMah it is working now. weird error message lol - s
sathoro
05/25/2023, 3:48 PMuhhh - s
sathoro
05/25/2023, 3:49 PMI was testing it by sending requests locally and when I remove the headers the request still goes through? - s
sathoro
05/25/2023, 3:50 PMbut when I visit in a browser I get the Access login page