Protecting sub & main domain of pages project through cloudflare access

When creating a cloudflare pages project it’s possible to activate cloudflare access policies with it.

The policy by default protects all subdomains but not the maindomain of the pages project.
xyz.project.pages.dev - protected
project.pages.dev - unprotected

The access application configuration seems to only allow one defined application domain. Restricting to either e.G. *.project.pages.dev for subdomain protection or project.pages.dev for main domain (“production”) protection.

Is it possible to protect both (subdomain and maindomain) through cloudflare access? The UI does not seem to allow it.

How about creating two Access applications? This is the only workaround if you have two subdomains which are actually serving the same website.

1 Like

That was also my first instinct but the application doesn’t seem to allow doing so, atleast via UI while I don’t have a domain / zone transfered over. The pages access policy creation seems to work around it.

Create the default protection rule in pages. Modify it by removing the * and save it. Repeat the previous step to create a rule protecting the wildcard in pages.

1 Like

That’s the solution, thanks!. For future readers: once u modified the rule url as described above you can go back to the cloudflare pages and once again press add managed policies to get the second application into cloudflare access

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.