Protect *.pages.dev with Access, but not custom domain

Hi there,

How do I protect my *.pages.dev deployment domains with Cloudflare Zero Trust/Cloudflare Access, without also protecting my custom domain (example.com)?

My goal: don’t have readers (and bots) access my deployments on *.pages.dev. Of course, I do like to welcome readers on my domain (example.com)!


I followed the steps described in the docs here: ‘Enable Access on your *.pages.dev domain’.

Unfortunately, the steps aren’t super clear. For instance, it says “configure your access rules to define who can reach the Access authentication page” for the custom domain, but I don’t know which access rules I should use to make this work. And if I use the ‘Bypass’ option (rather than ‘Allow’ with ‘Everyone’), the Cloudflare Access still pops up on example.com.

Any help or suggestions is very welcome!

Hi there,

Please open you pages project, on top go to Manage and under Access policy, click Enable access policy.
After it’s enabled, click Manage Policies and a tab will open in Access/Applications with a policy already created for your page.

If you don’t do anything else, the page will now be inaccessible, except for selected members.
In the Access/Applications tab, press the application name and then Edit to customize the behavior, you can remove/add domains under Overview add policies under Policies and configure identity providers under Authentication.

And if I use the ‘Bypass’ option (rather than ‘Allow’ with ‘Everyone’), the Cloudflare Access still pops up on example.com .

You can remove this example.com and leave only yourpage.pages.dev under Overview.

Take care.