Pages protected by Cloudflare ZeroTrust/Access - Possible?

Hello community.

Is it possible to secure a Cloudflare Pages deployed application using Cloudflare Zerotrust/Access?

We know it is possible to secure the website domain associated with the deployed pages, but what about the site origin, pages-name.pages.dev. Since we do not own *.pages.dev, it isn’t possible to protect the primary URL of the pages application.

Is there a method around this that eliminates the bypass of the pages being accessed as pages-name.pages.dev and only be served from our domain which we can associate with ZeroTrust/Access applications?

The only documentation on this matter I could find from CF suggested the use of a Pages plugin to retrieve information from an existing Access session JWT. We do not need to query information from the JWT, we only need the Pages deployed site to be protected behind ZeroTrust natively despite the deployment of pages-name.pag

Yes you can put your pages.dev behind Access. See the following guide for details:

https://developers.cloudflare.com/pages/platform/known-issues/#enabling-access-on-your-pagesdev-domain

2 Likes

That’s exactly what I was looking for, thank you!

1 Like

They really need to give this topic its own heading in the navigation pane!

Thanks again