diff --git a/README.md b/README.md
index d2ac429..d9c97f0 100644
--- a/README.md
+++ b/README.md
@@ -48,7 +48,7 @@ Wildebeest uses [Deploy to Workers](https://deploy.workers.cloudflare.com/) to a
**Click here to start the installation.**
-[](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/wildebeest&authed=true&fields={%22name%22:%22Zone%20ID%22,%22secret%22:%22CF_ZONE_ID%22,%22descr%22:%22Get%20your%20Zone%20ID%20from%20the%20Cloudflare%20Dashboard%22}&fields={%22name%22:%22Domain%22,%22secret%22:%22CF_DEPLOY_DOMAIN%22,%22descr%22:%22Domain%20on%20which%20your%20instance%20will%20be%20running%22}&fields={%22name%22:%22Instance%20title%22,%22secret%22:%22INSTANCE_TITLE%22,%22descr%22:%22Title%20of%20your%20instance%22}&fields={%22name%22:%22Administrator%20Email%22,%22secret%22:%22ADMIN_EMAIL%22,%22descr%22:%22An%20Email%20address%20that%20can%20be%20messaged%20regarding%20inquiries%20or%20issues%22}&fields={%22name%22:%22Instance%20description%22,%22secret%22:%22INSTANCE_DESCR%22,%22descr%22:%22A%20short,%20plain-text%20description%20of%20your%20instance%22}&apiTokenTmpl=[{%22key%22:%22d1%22,%22type%22:%22edit%22},{%22key%22:%22page%22,%22type%22:%22edit%22},{%22key%22:%22images%22,%22type%22:%22edit%22},{%22key%22:%22access%22,%22type%22:%22edit%22},{%22key%22:%22workers_kv_storage%22,%22type%22:%22edit%22},{%22key%22:%22access_acct%22,%22type%22:%22read%22},{%22key%22:%22dns%22,%22type%22:%22edit%22},{%22key%22:%22workers_scripts%22,%22type%22:%22edit%22}]&apiTokenName=Wildebeest)
+[](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/wildebeest&authed=true&fields={%22name%22:%22Zone%20ID%22,%22secret%22:%22CF_ZONE_ID%22,%22descr%22:%22Get%20your%20Zone%20ID%20from%20the%20Cloudflare%20Dashboard%22}&fields={%22name%22:%22Domain%22,%22secret%22:%22CF_DEPLOY_DOMAIN%22,%22descr%22:%22Domain%20on%20which%20your%20instance%20will%20be%20running%22}&fields={%22name%22:%22Instance%20title%22,%22secret%22:%22INSTANCE_TITLE%22,%22descr%22:%22Title%20of%20your%20instance%22}&fields={%22name%22:%22Administrator%20Email%22,%22secret%22:%22ADMIN_EMAIL%22,%22descr%22:%22An%20Email%20address%20that%20can%20be%20messaged%20regarding%20inquiries%20or%20issues%22}&fields={%22name%22:%22Instance%20description%22,%22secret%22:%22INSTANCE_DESCR%22,%22descr%22:%22A%20short,%20plain-text%20description%20of%20your%20instance%22}&apiTokenTmpl=[{%22key%22:%22d1%22,%22type%22:%22edit%22},{%22key%22:%22page%22,%22type%22:%22edit%22},{%22key%22:%22images%22,%22type%22:%22edit%22},{%22key%22:%22access%22,%22type%22:%22edit%22},{%22key%22:%22workers_kv_storage%22,%22type%22:%22edit%22},{%22key%22:%22access_acct%22,%22type%22:%22read%22},{%22key%22:%22dns%22,%22type%22:%22edit%22},{%22key%22:%22workers_scripts%22,%22type%22:%22edit%22},{%22key%22:%22account_rulesets%22,%22type%22:%22edit%22}]&apiTokenName=Wildebeest)
Please pay attention to all the steps involved in the installation process.
diff --git a/scripts/generate-one-click-deploy-button.mjs b/scripts/generate-one-click-deploy-button.mjs
index 4e55ab9..c1e53c3 100644
--- a/scripts/generate-one-click-deploy-button.mjs
+++ b/scripts/generate-one-click-deploy-button.mjs
@@ -37,6 +37,7 @@ const API_TOKEN_TEMPLATE = JSON.stringify([
{ key: 'access_acct', type: 'read' },
{ key: 'dns', type: 'edit' },
{ key: 'workers_scripts', type: 'edit' },
+ { key: 'account_rulesets', type: 'edit' },
])
const fields = FIELDS.map((x) => JSON.stringify(x))
diff --git a/tf/main.tf b/tf/main.tf
index f5384da..a2a7dec 100644
--- a/tf/main.tf
+++ b/tf/main.tf
@@ -170,3 +170,21 @@ resource "cloudflare_access_application" "wildebeest_access" {
session_duration = "730h"
auto_redirect_to_identity = false
}
+
+resource "cloudflare_ruleset" "wildebeest_inbox" {
+ zone_id = trimspace(var.cloudflare_zone_id)
+ name = "Wildebeest"
+ description = "Ruleset for Wildebeest"
+ kind = "zone"
+ phase = "http_request_firewall_managed"
+
+ rules {
+ action = "skip"
+ action_parameters {
+ phases = ["http_request_firewall_managed"]
+ }
+ expression = "(http.host eq \"${var.cloudflare_deploy_domain}\" and http.request.uri.path contains \"/ap/users/\" and http.request.uri.path contains \"inbox\")"
+ description = "Bypass firewall for Wildebeest Inbox"
+ enabled = true
+ }
+}