Cloudflare Access on Custom Domains
I have had a pretty bad experience deploying Cloudflare Pages to a custom domain hosted on Cloudflare so far.
My goal is to upload a page and restrict access to that page with Cloudflare Access.
I'm uploading the pages with direct upload, it is then deployed in three locations:
-
xxx.test.pages.dev
- test.pages.dev
- page.test.xyz (custom domain)
Then I create two Cloudflare Access applications and limit their access to a bunch of emails with the One-Time PIN authentication provider:
- xxx.test.pages.dev
- test.pages.dev
This works well so far, including the limited access in the custom domain. The issue is that files aren't covered by Cloudflare Access on the custom domain, e.g. page.test.xyz/file.js is not protected by Cloudflare Access.
I tried creating a third Cloudflare Access application at page.text.xyz/*, which does protect files, but breaks the page with endless redirections.
The post guidelines say to include links and IDs, which unfortunately I can't do publicly, but if necessary I can create a reproduction of this problem with some example files I can actually show.2 Replies
Unknown User•3y ago
Message Not Public
Sign In & Join Server To View
Yes, what I mean with "covered" (I'm gonna use "protected" from now on) is that it's behind Cloudflare Access, trying to use this path will require authentication through Cloudflare Access:
-
xxx.test.pages.dev (protected)
- xxx.test.pages.dev/* (protected)
- test.pages.dev (protected)
- test.pages.dev/* (protected)
- page.test.xyz (protected)
- page.test.xyz/* (not protected)
The root path will serve the index.html file as usual.
I'm deactivating all browser cache in my browser, there were other problems with caching though, sometimes (not consistently) when I update the page with new files, it will still serve the old ones on the custom domains, which I can only solve by purging the cache on Cloudflare's side.
Just to make sure, I tested this on another device, so I'm sure it's not a caching thing.