Require Access protection for zones
You can now require Cloudflare Access protection for all hostnames in your account. When enabled, traffic to any hostname that does not have a matching Access application is automatically blocked.
This deny-by-default approach prevents accidental exposure of internal resources to the public Internet. If a developer deploys a new application or creates a DNS record without configuring an Access application, the traffic is blocked rather than exposed.

- Blocked by default: Traffic to all hostnames in the account is blocked unless an Access application exists for that hostname.
- Explicit access required: To allow traffic, create an Access application with an Allow or Bypass policy.
- Hostname exemptions: You can exempt specific hostnames from this requirement.

To turn on this feature, refer to Require Access protection.
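
Before turning the requirement on, it helps to know which hostnames would start being blocked. The sketch below is an added example, not Cloudflare's code or API: it applies the rules above to constructed inventory data, matches hostnames exactly (wildcard and path-scoped applications are not modeled), and the `AccessApp` class, the `audit` and `newly_blocked` functions, the policy labels, and all hostnames are hypothetical.

```python
from dataclasses import dataclass

BLOCKED = "blocked: no Access application"
REACHABLE = "reachable: application with Allow or Bypass policy"
NO_POLICY = "application exists, but no Allow or Bypass policy"
EXEMPT = "exempt from the requirement"

@dataclass
class AccessApp:
    hostname: str
    decisions: tuple = ()  # policy actions on the app, e.g. ("allow",)

def normalize(hostname):
    # DNS names are case-insensitive and may carry a trailing root dot.
    return hostname.strip().rstrip(".").lower()

def audit(dns_hostnames, apps, exemptions):
    """Classify each hostname by its state once the requirement is on."""
    decisions_by_host = {}
    for app in apps:
        found = decisions_by_host.setdefault(normalize(app.hostname), set())
        found.update(d.lower() for d in app.decisions)
    exempt = {normalize(h) for h in exemptions}
    report = {}
    for raw in dns_hostnames:
        host = normalize(raw)
        if host in decisions_by_host:
            # An application exists, so the requirement itself is satisfied.
            allowed = decisions_by_host[host] & {"allow", "bypass"}
            report[host] = REACHABLE if allowed else NO_POLICY
        elif host in exempt:
            report[host] = EXEMPT
        else:
            report[host] = BLOCKED
    return report

def newly_blocked(report):
    """Hostnames that lose all traffic purely because no application exists."""
    return sorted(h for h, state in report.items() if state == BLOCKED)

# Constructed sample inventory (not real hostnames or real API output).
SAMPLE_DNS = ["wiki.example.com", "Grafana.example.com.", "staging.example.com",
              "status.example.com", "legacy.example.com"]
SAMPLE_APPS = [AccessApp("wiki.example.com", ("allow",)),
               AccessApp("grafana.example.com", ("bypass",)),
               AccessApp("legacy.example.com", ("block",))]
SAMPLE_EXEMPTIONS = ["status.example.com"]

if __name__ == "__main__":
    for host, state in audit(SAMPLE_DNS, SAMPLE_APPS, SAMPLE_EXEMPTIONS).items():
        print(f"{host:24} {state}")
```

Hostnames reported by `newly_blocked` are the ones to review first: each needs an Access application or an exemption before the setting is enabled, unless blocking it is the intended outcome.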