CD
Cloudflare Developers11mo ago
Felix

WAF rules on .pages.dev domain

I have noticed that WAF rules for a custom page domain apply to it, but can be bypassed via the .pages.dev subdomain, as they do not apply there. Is there a way to apply the WAF rules there as well, since it is not possible to disable the .pages.dev domain. The WAF rules for my page custom domain are quite useless if they can be bypassed via the subdomain. (If there was already something about this topic and I have not found it here, sorry)
16 Replies
Cyb3r-Jak3
Cyb3r-Jak311mo ago
You can’t use WAF on pages.dev but you can disable it by putting access in front of it https://developers.cloudflare.com/pages/platform/known-issues/#enabling-access-on-your-pagesdev-domain
Known issues · Cloudflare Pages docs
Here are some known bugs and issues with Cloudflare Pages:
Felix
Felix11mo ago
the last time I did this (for mypage.pages.dev), my custom domain was also affected by this policy (for the deployments under *.mypage.pages.dev I already have access policies) but I will try again
Felix
Felix11mo ago
Felix
Felix11mo ago
if I create the rule like this, my custom domain will also be blocked
Felix
Felix11mo ago
Felix
Felix11mo ago
any ideas? (custom domain, allow everyone) https://cdn.f3lix.net/d/uWvkcgIB
Cyb3r-Jak3
Cyb3r-Jak311mo ago
Try removing the domain that doesn't have the the *
Felix
Felix11mo ago
but this is the domain I want to protect? (mypage.pages.dev)
Cyb3r-Jak3
Cyb3r-Jak311mo ago
Are you doing this manually or through the pages?
Felix
Felix11mo ago
so i want to protect this: mypage.pages.dev *.mypage.pages.dev but not this one: mypage.com but with the rule for the .pages.dev domains also mypage.com is protected. if i create a second application for the custom domain i will still be asked for auth despite allow/bypass everyone
Felix
Felix11mo ago
created via page settings https://cdn.f3lix.net/d/gBkMhEuc
Cyb3r-Jak3
Cyb3r-Jak311mo ago
Weird just deleted and re-setup and seeing the same behavior when it was fine before.
Hello, I’m Allie!
Hello, I’m Allie!11mo ago
Do you want your Pages.dev to be accessible?
Hello, I’m Allie!
Hello, I’m Allie!11mo ago
If so, you can use https://developers.cloudflare.com/pages/how-to/redirect-to-custom-domain/
Redirecting *.pages.dev to a Custom Domain · Cloudflare Pages docs
Learn how to use Bulk Redirects to redirect your *.pages.dev subdomain to your custom domain (example.com). You may want to do this to ensure that …
Cyb3r-Jak3
Cyb3r-Jak311mo ago
^ I was wrong. You can't access the root level pages.dev while allowing the custom domain. You just redirect the root level one
Hello, I’m Allie!
Hello, I’m Allie!11mo ago
And you can even make it redirect all of the branches and individual releases too, if you tick Include Subdomains
Want results from more Discord servers?
Add your server
More Posts
TunnelHello, I need help in making a tunnel. It is assumed that when making a tunnel it only receives the The documentation I linked containsThe documentation I linked contains links to the relevant API endpoint documentationsAllow example.com/x/* but block everything else.I wanted to know if it was possible for me to use access to allow example.com/share/* but block examHow to deploy to previewThis is how I tried to deploy but it still gets deployed to prod: `wrangler pages deploy --env previInvalid URL when initiating AssemblyScript generated WASMI'm writing code in AssemblyScript and compiling it to WASM. AssemblyScript also generates JS bindinWARP to WARPBy enabling WARP to WARP in Zero Trust settings, is one enrolled device able to "find" other enrolleDownload Images from URLI'm trying to setup a button where I am able to just click a button and download a image from my bucHow does worker max time work precisely?What (I think) I understand: - When using paid plan, you can make use of either Bundled or Unbound Link domain start with www.i had been linked my website with domain "skyrise.site" first and when i try to link another link toZero Trust - NetworkHey all, quick question. I'm setting up portainer and trying the zero trust docker container versio