DXP deployment - warmup always times out

We have a website hosted on DXP platform. None of the website is available anonymously - every vistor has to be logged.

Therfore the deployment takes ages, because it waits for timeout, and this things get logged:

Timed out waiting for all instances for webapp **************inte and slot "slot" to become ready!

2020-09-10 09:43:23 	 ::PROGRESS:: 	 PercentComplete=80
2020-09-10 09:43:23 	 Information 	 Starting to warm up the targets slots...
2020-09-10 09:43:50 	 Information 	 Preparing target slot for Go Live (**************/slot) (warming up the slot)
2020-09-10 09:55:11 	 Information 	 Starting any continuous web job(s) in the slot if they exist (**************/slot)
2020-09-10 09:55:13 	 Information 	 Sending webrequests to validate the slot (**************/slot)...
2020-09-10 09:55:47 	 Warning 	 Site with URL http://**************-slot.dxcloud.episerver.net/ responded with error code: 403 (Forbidden)
2020-09-10 09:55:47 	 ::DATA:: 	 SiteName=**************;URL=http://**************-slot.dxcloud.episerver.net/;ManualValidationLink=http://integration.XYZ.com/?x-ms-routing-name=slot;StatusCode=403;StatusDescription=Forbidden
2020-09-10 09:56:39 	 Information 	 Warmup finished for all web apps!
2020-09-10 09:56:39 	 Information 	 Re-enabling autoscaling for the web apps in resource group **************
2020-09-10 09:56:45 	 ::PROGRESS:: 	 PercentComplete=90

So what I did, I created a simple API controller and action, which allows anonymous access, that loads start page through ContentLoader and direct children and returns list of loaded pages with status code OK 200.

Warmup controller looks like this:

    [AllowAnonymous]
    public class WarmupController : ApiController
    {
        [HttpGet]
        [Route("api/warmup")]
        public IHttpActionResult Index()
        {
            // populate cache by retrieving start page and all direct child pages
            var contentLoader = ServiceLocator.Current.GetInstance<IContentLoader>();
            var pageSegments = new List<string>();
            var startPage = contentLoader.Get<PageData>(ContentReference.StartPage);
            if (startPage == null) return Ok<IEnumerable<string>>(pageSegments);
            pageSegments.Add(startPage.URLSegment);
            // load child pages
            var childPages = contentLoader
                .GetChildren<PageData>(startPage.PageLink).Where(x => x != null)
                .Select(x => x.URLSegment);
            pageSegments.AddRange(childPages);
            return Ok<IEnumerable<string>>(pageSegments);
        }
    }

I have added following initialization entry into transform file:

<!-- Application initialization --><applicationInitialization xdt:Transform="Remove" /><applicationInitialization xdt:Transform="InsertIfMissing"><add initializationPage="/api/warmup" hostName="integration.XYZ.com" xdt:Transform="InsertIfMissing" /></applicationInitialization>

When accessing manually, https://integration.XYZ.com/api/warmup, I can confirm it's allowing anonymous access and it returns what it's supposed to. However from the logs, seems like it tries to hit the root of the page any ways, and it will always Forbidden because anonymous access is not allowed there due to bussiness requirements.

How to solve this issue? I bascially would like to shorten the warmup so that it doesn't take more than a half of the whole deployment time because of the forbidden URL. Ideally I would like the warmup to hit the endpoint I created for that reason.