Requirements for CF Access?

access

#1

Can somebody please walk me through?

I enabled Access, linked my Paypal account, then went to one domain and setup the application I want to protect, access policies (followed by a deny policy) and stuck with the passwordless login method.
waited, and waited, and waited… then I realized the app I setup for testing was NOT protected by CF :frowning:
went to my DNS tab and enabled CF protection for this app url.
still waiting though…

did I forget something? how long does activation of access take?

see screenshot: http://take.ms/Dwn1u


#2

It’s instantaneous. And you don’t need a DENY statement (it’s implied).

Another user discovered there’s no error checking for Access URLs. If your URL isn’t quite right (or on a bypassed subdomain), Access won’t apply to that URL.


#3

not sure what I could have done wrong, I selected a subdomain and did not enter (optional) path after the domain => http://take.ms/KWD4V


#4

Is the sub domain proxied? (:orange:)
What does your “Allow” policy look like?

Delete the deny rule. It’s not necessary since all access is denied by default.


#5

The ALLOW ME rule simply allows one email address: mine.

I think I know what the problem is: I did indeed proxy the subdomain: sub.domain.tld but didn’t realize there was a pre-existing *.domain.tld which obviously can’t be proxied. It looks like I need to remove the wildcard subdomain first.

###edit###
removing the wildcard DNS record and adding the 4 subdomains it was used for didn’t help :frowning: still no access protection. This tools needs a check to advise what’s missing. Seriously.


#6

What does CF access require in the crypto tab?


#7

You hav Cloudflare paused, so all requests are going direct to origin and bypassing Cloudflare.


#8

facepalm
sorry for that. I haven’t visited CF’s dashboard in a while as everything as just working smoothly so I didn’t realize that.