Hi, how can I force access requests to a web application to be made by Cloudflare’s pool of public IPs and not those of the end user?
If the connection is proxied by Cloudflare, it will come from a range on the list at IP Ranges.
If you don’t want direct connections from user IP addresses (that bypass Cloudflare), then you would have to set up a firewall that only lets connections from those Cloudflare IP addresses through.
Hello, thanks for the answer.
The site has a Cloudflare proxy and I have my firewall configured to only support IPs from IP Ranges, but requests from these IPs do not come to my firewall, but to the end user. That’s the problem.
I require that all requests be masked by the Cloudflare proxy both facing the user and towards my firewall.
I am not understanding here. If you request the website you will go to Cloudflare, which will go to the origin using one of the listed IPs. If you are blocking all non-Cloudflare IPs at the origin it’s all you can do.
Then, change the proxy records to proxy all DNS records.
Hi, thanks for answering.
I have blocked any request that is different from Cloudflare, all DNS records are proxy enabled, but in my firewall I see traffic from the user’s public IPs, not from the Cloudflare pool, so they do not reach the website.
Random requests to each IP on the internet are going to always arrive; it doesn’t mean it’s actual users. Tons of systems scan the internet for services.
Hello, thanks for answering.
The requests that I see in my firewall are, for example, from my ISP; it is not a world-renowned website, so it allows me to do a brief follow-up.
How can I get DNS records to transfer end to end?
Most requests don’t care about the website, they just go to the IPs.
If the config is correct and works for you, and some testing has been done on additional ISPs/devices, you simply can’t, just wait until caches expire.
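Added example, not part of the thread: one way to check what the origin firewall is actually seeing is to sort its logged source addresses into Cloudflare-proxied, blocked direct, and allowed direct connections. The log format here is hypothetical, the log lines are constructed, and the range list is only a partial sample of Cloudflare's published IPv4 ranges; load the full current list from the IP Ranges page in real use.

```python
import ipaddress
import re
from collections import Counter

# Partial sample of Cloudflare's published IPv4 ranges (assumption: replace
# with the full, current list from Cloudflare's IP Ranges page).
CLOUDFLARE_RANGES = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "141.101.64.0/18",
    "108.162.192.0/18", "162.158.0.0/15", "104.16.0.0/13", "172.64.0.0/13",
)]

# Constructed log lines in a hypothetical "ACTION SRC=... DST=... DPT=..." format.
SAMPLE_LOG = """\
ACCEPT SRC=162.158.90.14 DST=192.0.2.10 DPT=443
DROP SRC=198.51.100.23 DST=192.0.2.10 DPT=443
DROP SRC=198.51.100.23 DST=192.0.2.10 DPT=443
ACCEPT SRC=104.23.1.7 DST=192.0.2.10 DPT=443
DROP SRC=203.0.113.77 DST=192.0.2.10 DPT=22
ACCEPT SRC=203.0.113.5 DST=192.0.2.10 DPT=80
DROP SRC=not-an-ip DST=192.0.2.10 DPT=443
"""

LINE_RE = re.compile(r"^(\w+)\s+SRC=(\S+)")

def is_cloudflare(ip):
    """True if the address falls inside one of the listed Cloudflare ranges."""
    return any(ip in net for net in CLOUDFLARE_RANGES)

def classify(log_text):
    """Count source IPs per bucket: proxied, blocked_direct, allowed_direct."""
    summary = {"proxied": Counter(), "blocked_direct": Counter(),
               "allowed_direct": Counter(), "unparsed": 0}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        try:
            src = ipaddress.ip_address(m.group(2)) if m else None
        except ValueError:
            src = None
        if src is None:
            summary["unparsed"] += 1
            continue
        if is_cloudflare(src):
            bucket = "proxied"            # arrived through the Cloudflare proxy
        elif m.group(1) == "ACCEPT":
            bucket = "allowed_direct"     # allow-list gap: origin reachable directly
        else:
            bucket = "blocked_direct"     # scanner or stale DNS cache, dropped as intended
        summary[bucket][str(src)] += 1
    return summary
```

Entries in `blocked_direct` are the firewall doing its job; anything in `allowed_direct` means a rule still lets non-Cloudflare sources reach the origin.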