[GH-ISSUE #2] Blocking connections not from cloudflare #2

Closed
opened 2026-02-25 22:30:23 +03:00 by kerem · 2 comments

Originally created by @aseques on GitHub (Apr 5, 2019).
Original GitHub issue: https://github.com/ergin/nginx-cloudflare-real-ip/issues/2

This system works fine to add the source IP to the Apache logs, the problem is that after this you can't block the traffic not coming from Cloudflare because it's identified with the real IP. Have you accomplished this?

kerem closed this issue 2026-02-25 22:30:23 +03:00

@Nottt commented on GitHub (May 27, 2019):

What do you mean block the traffic not coming from cloudflare?

Have you tried running:

```
ufw allow from IP/RANGE to any port 80
ufw allow from IP/RANGE to any port 443
```

This would allow only Cloudflare IPs to connect to ports 80 and 443, assuming you are running your website on those ports, of course.

If you delete the firewall rules allowing port 80 and 443, then your server would not respond to anyone on those ports if not coming from Cloudflare IPs.
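
As an added example (not part of the original comment or of the project's code), the per-range allow rules described above can be generated from a list of ranges and reviewed before they are applied. The function names and the sample ranges are assumptions: the ranges are documentation prefixes constructed for illustration and stand in for Cloudflare's published list.

```shell
# Added example: print (not run) the ufw rules for a list of CIDR ranges.
# Constructed sample input: documentation prefixes, not Cloudflare's real ranges.
SAMPLE_RANGES='# one CIDR per line
192.0.2.0/24
198.51.100.0/24

2001:db8::/32
'

# is_cidr RANGE: succeed only for text shaped like an IPv4 or IPv6 CIDR,
# so nothing else can end up inside a firewall command.
is_cidr() {
    case "$1" in
        *[!0-9A-Fa-f.:/]*|*/*/*|/*|*/) return 1 ;;
        */*) ;;
        *) return 1 ;;
    esac
    addr=${1%/*}; len=${1#*/}
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    case "$addr" in
        *:*) [ "$len" -le 128 ] ;;
        *.*.*.*)
            case "$addr" in *[!0-9.]*) return 1 ;; esac
            [ "$len" -le 32 ] ;;
        *) return 1 ;;
    esac
}

# cf_ufw_rules (hypothetical name): read ranges on stdin and print one allow
# rule per range and port. Invalid lines are skipped and make it return 1.
cf_ufw_rules() {
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        range=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
        [ -z "$range" ] && continue
        if ! is_cidr "$range"; then
            echo "skipping invalid range: $line" >&2
            rc=1
            continue
        fi
        for port in 80 443; do
            echo "ufw allow from $range to any port $port"
        done
    done
    return "$rc"
}

printf '%s' "$SAMPLE_RANGES" | cf_ufw_rules
```

The printed commands can be piped to a root shell once reviewed. The general rules allowing ports 80 and 443 still have to be deleted afterwards, as the comment says.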


@aseques commented on GitHub (May 27, 2019):

I prefer not to rely on the firewall to block the connections, I already have another firewall, and yet another layer to maintain makes things difficult.
I found another solution at Stack Overflow that allows both, I'll paste into another issue.
