Pages protected by Cloudflare ZeroTrust/Access - Possible?

Hello community.

Is it possible to secure a Cloudflare Pages deployed application using Cloudflare ZeroTrust/Access?

We know it is possible to secure the website domain associated with the deployed pages, but what about the site origin, pages-name.pages.dev? Since we do not own *.pages.dev, it isn’t possible to protect the primary URL of the pages application.

Is there a method around this that eliminates the bypass of the pages being accessed as pages-name.pages.dev, so that they are only served from our domain, which we can associate with ZeroTrust/Access applications?

The only documentation on this matter I could find from CF suggested the use of a Pages plugin to retrieve information from an existing Access session JWT. We do not need to query information from the JWT; we only need the Pages deployed site to be protected behind ZeroTrust natively despite the deployment of pages-name.pag

Yes, you can put your pages.dev behind Access. See the following guide for details:

2 Likes

That’s exactly what I was looking for, thank you!

1 Like

They really need to give this topic its own heading in the navigation pane!

Thanks again

The page in the accepted answer is out of date.

It says

From Account Home, select Workers & Pages.
In Overview, select your Pages project.
Go to Settings > Enable access policy.

But when I go to settings, there is no access policy there.

You actually have to go to the Manage tab to find it.

1 Like