Disable Cloudflare Access temporarily
Cloudflare Access on docs.saxobroko.com forces visitors through Authentik login before SaxDocs loads. Disabling Access makes the docs publicly readable without login — anyone with the URL can read the site (still subject to normal web caching and GitHub public repo rules for content).
Use this only in an emergency when Access or Authentik is broken and you need the documentation immediately.
Before you do this
Ask:
- Can I fix auth.saxobroko.com or Authentik instead?
- Can I add a temporary Authentik user — Add an Authentik user?
- Is the problem just Bot Fight Mode or geo block — When a site is down?
Security impact
SaxDocs contains personal homelab and finance documentation. Turning off Access exposes it to the open internet until you turn Access back on. Do not leave it disabled longer than necessary.
This is not a fix for homelab apps
Jellyfin, dash, vault, etc. use separate Access or auth rules. This guide is mainly for docs.saxobroko.com.
Disable Access on SaxDocs
- Log in to Cloudflare — Cloudflare account access.
- Open Zero Trust (from dashboard sidebar or one.dash.cloudflare.com).
- Go to Access → Applications.
- Find the application for docs.saxobroko.com (may be named SaxDocs or similar).
- Either:
- Option A — Remove policy (temporary): Edit the application → Policies → delete or disable the Allow policy that requires Authentik, or
- Option B — Bypass policy: Add a temporary Bypass policy with a very narrow rule (not recommended unless you understand Zero Trust), or
- Option C — Delete application: Most drastic — removes Access entirely from docs until recreated.
Safest temporary approach for non-experts:
- Edit the existing Allow policy → set Action to Bypass for a short test, or disable the policy with the toggle if Cloudflare shows one.
- Save.
- Incognito test — docs.saxobroko.com should load MkDocs without Authentik redirect.
Exact UI labels change — look for Policies, Action: Allow / Bypass / Deny.
Re-enable Access (mandatory follow-up)
As soon as Authentik works again:
- Access → Applications → docs app.
- Restore Allow policy with Authentik identity provider — settings documented in Authentik.
- Test incognito — Authentik login should return.
- Note the date/time Access was disabled in a private log (not necessarily in git if it contains incident detail you do not want public).
Alternative — fix without disabling Access
| Problem | Fix |
|---|---|
| JS challenge instead of login | Turn off Bot Fight Mode — WAF |
| Login loop | Ensure auth.saxobroko.com is not behind Access |
| Email not returned | Fix Authentik user email + OIDC scopes — Authentik troubleshooting |
| One person locked out | Create their Authentik user — Add an Authentik user |
GitHub deploy is unaffected
GitHub Actions deploy to Cloudflare Pages does not go through browser Access. Disabling Access only changes who can read the site in a browser.