The problem is I want to protect my Cloudflare Pages site from being accessed by any URL that isn’t my custom domain. For example, I deploy my staging website to Cloudflare Pages and make it accessible via staging.mycompany.com. I set up a Cloudflare Firewall rule to restrict access to my staging site, but from what I can tell Cloudflare Firewall rules don’t apply to my *.pages.dev URLs (even if it did, I am unsure this is the right solution). Therefore, I am now leaking my staging website to the Internet. Not what I want.
There are lots of posts about this already with a range of varying “solutions”, including using Zero Trust Access or Bulk Redirects with, in my opinion, only Bulk Redirects solving the entire problem. Although there were a lot of posts about this issue, none were made in the Feature Request section and were therefore automatically closed and I worry falling off Cloudflare’s radar.
Zero Trust Access can only restrict access to *..pages.dev and not .pages.dev, while still allowing access via a custom domain.
Bulk Redirects do work, but feels like a long-winded/hacky way to get to a solution.
Currently in Cloudflare Workers you have the ability to set a custom domain and disable your *.workers.dev route. This would be ideal for Pages to also have a similar switch that says either enable or disable traffic to this “auto-assigned route”.
Hopefully this feedback is well received and any questions please let me know!