Access requests to a web application

Hi, how can I force access requests to a web application to be made by CloudFlare’s pool of public IPs and not those of the end user?

If the connection is proxied by Cloudflare, it will come from a range on the list at cloudflare.com/ips

If you don’t want direct connections from user IP addresses (that bypass Cloudflare), then you would have to set up a firewall that only lets connections from those Cloudflare IP addresses through.

1 Like

Hello, thanks for the answer

The site has a Cloudflare proxy and I have my Firewall configured to only support IPs from cloudflare.com/ips, but requests from these IPs do not come to my firewall, but to the end user. That’s the problem.
I require that all requests be masked by the CloudFlare proxy both facing the user and towards my firewall.

I am not understanding here. If you request the website you will go to Cloudflare, which will go to the origin using one of the listed IPs. If you are blocking all non-Cloudflare IPs at the origin it’s all you can do.

Then, change the proxy records to proxy all DNS records

Hi thanks for answering

I have blocked any request that is different from Cloudflare, all DNS records are proxy enabled, but in my firewall I see traffic from the user’s public IPS not from the CloudFlare pool, so they do not reach the website.

Hi thanks for answering

I have blocked any request that is different from Cloudflare, all DNS records are proxy enabled, but in my firewall I see traffic from the user’s public IPS not from the CloudFlare pool, so they do not reach the website.

Random requests to each IP on the internet are going to always arrive, it doesn’t mean it’s actual users. Tons of systems scan the internet for services.

1 Like

Hello, thanks for answering.

The requests that I see in my firewall are for example from my ISP, it is not a world-renowned website so it allows me to do a brief follow-up
How can I get DNS records to transfer end to end?

Most requests don’t care about the website, they just go to the IPs.

If the config is correct and works for you, and some testing has been done on additional ISPs/devices, you simply can’t, just wait until caches expire.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.