---
name: Subdomain Auth (NONE — all public)
description: All icedoutai.com subdomains are currently public. No CF Access, no basic auth.
type: reference
originSessionId: 38a0dcdb-5376-45aa-a4f3-1527accc3abe
---
## Current state: ALL SUBDOMAINS PUBLIC

Arnav tried Cloudflare Access (email OTP) on April 19, 2026, then removed it the same day — said "this was a bad idea". All protection removed:
- ❌ No Cloudflare Access apps
- ❌ No nginx basic auth
- ❌ No htpasswd files

Every subdomain returns its actual content directly, no login.

## The ONE exception
**drive.icedoutai.com** — WebDAV has its own auth (arnav/iceout123). Separate system, still active.

## If auth is ever needed again
Previous setup details (for reference only, currently INACTIVE):
- CF Account: 5fa6140947584209a9d85ae0171ab811
- Team domain: icedoutai.cloudflareaccess.com
- API token at `~/.cf_token` has Access permissions (still valid, just unused)
- Access via API: `/accounts/{ACCOUNT_ID}/access/apps`

## Lesson
Arnav prefers friction-free access over auth. Don't re-add auth unless he explicitly asks.