| App | Required Bypass Rules |
|---|---|
| Media Management | |
| Radarr | /api/* |
| Sonarr | /api/* |
| Lidarr | /api/* |
| Media Servers | |
| Jellyfin (iOS) | /system/info/public |
| Jellyfin (Roku) | /System/Info/Public/Users/AuthenticateByName/Users/Public/QuickConnect/Initiate/QuickConnect/Connect/Users/AuthenticateWithQuickConnect |
| Audiobookshelf | Audiobookshelf also supports /audiobookshelf by default. Each rule should also be applied to this path./api/*/login/auth/*/feed/*/socket.io//status/logout/ping/public/*The following is needed for public shares and is optional for clients: /share/*/_nuxt/*.js/_nuxt/fonts/* |
| Management & Monitoring | |
| Tautulli | /api/* |
| Harbour | /api/* |
| Hoarder App | /api/* |
| Uptime Kuma Manager | /api/*/socket.io/* |
| Beszel | /api/beszel/agent-connect |
| MeshCentral | /api/*/meshrelay.ashx/agent.ashx |
| Security & Privacy | |
| AdGuard Home | /api/* |
| Ente Auth | *api* |
| Vaultwarden/Bitwarden | /api/*/identity/*/wl/*Always Deny - Path - /admin/* |
| Cloud & Sync | |
| Nextcloud | / (Main interface)/index.php (Core handler)/remote.php (Remote access)/status.php (Status checks)/ocs (Collaboration Services API)/apps (Applications)/remote.php/webdav (WebDAV endpoint)/remote.php/dav (CalDAV/CardDAV)/remote.php/caldav (Calendar sync)/remote.php/carddav (Contacts sync)/ocs/v1.php (API endpoints)/ocs/v2.php (API v2 endpoints)/login (Authentication)/.well-known/* (Service discovery)/.well-known/webfinger (WebFinger protocol)/s/* (Shared files/folders) |
| Onlyoffice | /cache/**/CommandService.ashx*/converter/**/doc/**/downloadas/*/downloadfile/**/fonts/*/healthcheck/methodology/**/plugins.json*/sdkjs/**/sdkjs-plugins/**/themes.json*/web-apps/* |
| Photo Management | |
| Ente Photos | *api* |
| Immich | /api/*/.well-known/immich |
| File Management | |
| Filebrowser | /static/*/share/* /api/public/dl/* /api/public/share/* |
| Notes & Knowledge Management | |
| Joplin Notes Server | /api/*/shares/*/css/*/images/*Always Deny - Path - /login/* (optional) |
| Erugo | /api/*/shares/*/build/*/get-logo |
| Memos | /api/*/assets/*/explore*/memos.api.v1.*/auth/callback*/auth/site.webmanifest/logo.webp/full-logo.webp/android-chrome-192x192.png |
| Linkding | /api/*/bookmarks/*Always Deny - Path - /admin/* |
| Communication | |
| Matrix/Synapse (Clients) | /_matrix/*/_synapse/client/* |
| Matrix/Synapse (Federation) | /_matrix/* |
| Notifications | |
| Gotify | /version/message/application/client/stream/plugin/health |
| Home Automation | |
| Home Assistant | /api/*/auth/*/frontend_latest/*/lovelace/*/static/*/hacsfiles/*/local/*/manifest.json/sw-modern.js |
| n8n | /webhook-test/*/webhook/webhook/*/webhook |
| Project Management | |
| Jetbrains Youtrack | /api/*/hub/api/* |
| Genealogy | |
| Gramps Web | /api/* |
| Analytics | |
| Liwan | /script.js/api/send |
| Umami | /script.js/api/send |
These rules are examples and may need to be adjusted based on your specific
app configuration and version.