Because the Public Access setting bypasses authentication and authorization checks, you should enable it only for publicly exposed web services.
The Public Access setting instructs Pomerium to grant unauthorized and unauthenticated access to all requests to the upstream service. If you enable this setting, no other policy should be provided for the route.
By default, Pomerium serves a robots.txt response directly, instructing search engines not to crawl the route domain:
For routes with
allow_public_unauthenticated_access enabled, Pomerium will not serve robots.txt directly. Instead, requests for
/robots.txt will be proxied to the upstream service.
How to configure
Enable Public Access in the Policy Builder in the Console: