Requirements for CF Access?



Can somebody please walk me through?

I enabled Access, linked my Paypal account, then went to one domain and setup the application I want to protect, access policies (followed by a deny policy) and stuck with the passwordless login method.
waited, and waited, and waited… then I realized the app I setup for testing was NOT protected by CF :frowning:
went to my DNS tab and enabled CF protection for this app url.
still waiting though…

did I forget something? how long does activation of access take?

see screenshot:


It’s instantaneous. And you don’t need a DENY statement (it’s implied).

Another user discovered there’s no error checking for Access URLs. If your URL isn’t quite right (or on a bypassed subdomain), Access won’t apply to that URL.


not sure what I could have done wrong, I selected a subdomain and did not enter (optional) path after the domain =>


Is the sub domain proxied? (:orange:)
What does your “Allow” policy look like?

Delete the deny rule. It’s not necessary since all access is denied by default.


The ALLOW ME rule simply allows one email address: mine.

I think I know what the problem is: I did indeed proxy the subdomain: sub.domain.tld but didn’t realize there was a pre-existing *.domain.tld which obviously can’t be proxied. It looks like I need to remove the wildcard subdomain first.

removing the wildcard DNS record and adding the 4 subdomains it was used for didn’t help :frowning: still no access protection. This tools needs a check to advise what’s missing. Seriously.


What does CF access require in the crypto tab?


You hav Cloudflare paused, so all requests are going direct to origin and bypassing Cloudflare.


sorry for that. I haven’t visited CF’s dashboard in a while as everything as just working smoothly so I didn’t realize that.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.