How can I disable the Access policy of Cloudflare Pages?

I am a beginner using the Cloudflare Pages to deploy simple static web sites, mostly very good, enjoy the automatic preview deployments of different github branches on *.xxxx.pages.dev, until I accidentally clicked enabled the Access policy, then all the preview are not accessible to public, and requiring a one-time code sent to email; I’ve explored quite a while in the complicated menus of “Access policy” pages, can’t find a simple way to revert; How can I disable the “Access policy” and revert to the original behavior of all previewing *.xxxx.pages.dev default public?
the problem of “Access policy” is too complicated, and even it has a $0/month plan but it requires to add a payment method, I am not ready for that yet;

can it have a simple button like the “Disable Web Analytics”;

What happens if you click on Manage Policies? Can you post a screenshot?

After clicked “Manage Policies”, there’s a complicated UIs of “Access policy” pages, saying “Get started with Teams”; can’t find a simple disable button there, and it seems requiring to add a payment method to be able select that $0/month plan,

before enabled that “Access policy”, all branches push turns to an automatic deployment at https://<deploy-id>.<page-id>.pages.dev and were all publicly accessible, after enabled “Access policy” now only https://<page-id>.pages.dev is still publicly accessible but all previewing pages at https://<deploy-id>.<page-id>.pages.dev are now redirecting to this page, requiring a login code

That’s a mess.

Out of curiosity, if you type your account’s email address for the login code, does it send you one?

That’s the problem; I didn’t try to login, just want to revert, anyone knows how?

it seems the same problem as in How can I disable Cloudflare Acess for pages - #2 by abe which was a thread in Apr 26; for over 3 months it got no response from the Pages team? so the Pages official team has no intention to fix this?
This is disgusting

Just tell others to keep away from the AccessPolicy from CloudflarePages

maybe my only workaround is to delete this Pages site, and re-create from scratch, hopefully at such small window nobody else take my <page-id> ?

Since I am just started using this Pages site a few days as alternative of Github Pages, may be better use back Github Pages

Maybe you can try an API call to see if that Access Application is listed in your account. Here’s a direct link to the ‘curl’ command:
https://api.cloudflare.com/#access-applications-list-access-applications

I had the exact same issue, and when entering my own email (the one registered to my cloudflare account) it would send me a code and then say that email doesn’t have access.
I did an api call ask sdayman suggested and it showed up, sending an api delete request for that application worked and deployments are now accessible to the public.
It’s disappointing that a restrictive feature that can be enabled from the dashboard can only be disabled by an api call or adding payment info.

Could you please help with the api delete request by sharing the request schema. I’m new to pages and out of curiosity i just enabled Access Policy on my production app.

Given the lack of a straightforward solution, I will give it here after this happening to me twice.

PLEASE NOTE THAT I AM NOT RESPONSIBLE FOR ANY DAMAGE DOING THE BELOW STEPS HAPHAZARDLY MAY DO. BLAME CLOUDFLARĘ FOR NOT PROVIDING AN UI FOR THIS.

You want to call the following commands. Ignore <>, only copy the pure strings or numbers mentioned between these arrows.

curl -X GET "https://api.cloudflare.com/client/v4/accounts/< your account string, you can find it in the URL in the dashboard (dash.cloudflare.com/yourStringIsHere) >/access/apps" \
     -H "X-Auth-Email: [email protected]" \
     -H "X-Auth-Key: < you can get your authentication key in your API Tokens page (https://dash.cloudflare.com/profile/api-tokens) >" \
     -H "Content-Type: application/json"

If everything is correct, the response will be that of a result array. Find your desired page and see the policies array. Copy it’s id.

curl -X DELETE "https://api.cloudflare.com/client/v4/accounts/< your account string from before >/access/apps/< id copied before >" \
     -H "X-Auth-Email: [email protected]" \
     -H "X-Auth-Key: < authentication key >" \
     -H "Content-Type: application/json"

The response should be that of an object with the result id and "success": true. If something went wrong, success will be false.

2 Likes

Looks like you can remove the policies if you subscribe to the free plan and add a payment method.