Question

App Platform - Blocking access via default subdomain

Posted on July 19, 2024
App Platform
Asked by Ben Roberts

When I create an app on App Platform, DO assigns it a random subdomain at “ondigitalocean.app”. I can then define a custom domain for this app too.

However, is it possible to block access via the non-custom / default domain?

My use case is that we are using Cloudflare Zero Trust to protect an app, and this works fine except for the fact that the protection can be completely bypassed simply by using the default non-custom domain name.

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Bobby Iliev

Site Moderator

• July 19, 2024

Hey @benbbce8fffc042,

I don’t think that this is available out of the box with the App Platform.

The best thing to do to get your voice heard regarding this would be to head over to our Product Ideas board and post a new idea, including as much information as possible for what you’d like to see implemented.

https://ideas.digitalocean.com/

In the meantime, what you could do here is to restrict access on your application level. For example, if you are using Node.js you could have a middleware that checks this and redirects the traffic accordingly, e.g.:

app.use((req, res, next) => {
  if (req.hostname !== 'your-custom-domain.com') {
    return res.redirect(301, 'https://your-custom-domain.com');
  }
  next();
});