Add IPs to cloudflare.conf

peque · November 3, 2018, 12:13am

I installed mod_Cloudflare and a I have IPs in their config file:
/etc/httpd/conf.d/Cloudflare.conf

But not the all IPs listed here: IP Ranges

are in Cloudflare.conf

Is it a good idea to add the missing IPs to the file?

sdayman · November 3, 2018, 2:56am

Due to subnet masks, it probably does have all the IP addresses. Which one do you think is missing?

peque · November 3, 2018, 3:19am

In bold, the difrerences.

IPs mod_Cloudflare:

103.21.244.0/22
103.22.200.0/22
103.31.4.0/22
104.16.0.0/12
108.162.192.0/18
131.0.72.0/22
141.101.64.0/18
162.158.0.0/15
172.64.0.0/13
173.245.48.0/20
188.114.96.0/20
190.93.240.0/20
197.234.240.0/22
198.41.128.0/17
199.27.128.0/21
2400:cb00::/32
2606:4700::/32
2803:f800::/32
2405:b500::/32
2405:8100::/32

IPS Cloudflare:

103.21.244.0/22
103.22.200.0/22
103.31.4.0/22
104.16.0.0/12
108.162.192.0/18
131.0.72.0/22
141.101.64.0/18
162.158.0.0/15
172.64.0.0/13
173.245.48.0/20
188.114.96.0/20
190.93.240.0/20
197.234.240.0/22
198.41.128.0/17
2400:cb00::/32
2405:b500::/32
2606:4700::/32
2803:f800::/32
2c0f:f248::/32
2a06:98c0::/29

sdayman · November 3, 2018, 3:29am

Definitely add the missing ones to the file.

I just checked a firewall I configured a while back and it shows similar discrepancies.

That would sure be nice if IP Ranges could have a timestamp on it somewhere so we’d know if/when it’s updated. @cloonan?

cs-cf · November 3, 2018, 5:02am

So all of those changes appear to be in:
https://github.com/Cloudflare/mod_Cloudflare/blob/master/mod_Cloudflare.c (which while deprecated and last updated over a year ago seems accurate) where did you get mod_Cloudflare from to install?

cs-cf · November 3, 2018, 5:02am

Agreed, a rev# or last updated would be swell.

peque · November 3, 2018, 7:50am

Hello @cs-cf
I installed from: https://support.cloudflare.com/hc/en-us/articles/206175737-How-do-I-restore-original-visitor-IP-with-EasyApache-cPanel-

peque · November 3, 2018, 7:54am

Sorry… aclarification

The file are in
/etc/apache2/conf.d/Cloudflare.conf

not in
/etc/httpd/conf.d/Cloudflare.conf

peque · November 3, 2018, 10:54am

And, not forget add this IPs in mod_Cloudflare

199.27.128.0/21
2405:8100::/32

to Firewalls and .htaccess

sandro · November 3, 2018, 1:06pm

Considering that Cloudflare stopped supporting mod_Cloudflare and Apache comes with its own module as of 2.4 I generally recommend to use mod_remoteip instead.

peque · November 3, 2018, 1:24pm

It is true @sandro , but I asked in support and his answer was to install mod_Cloudflare.
How do I uninstall mod_Cloudflare?

I would also need a good guide for how to configure mod_remoteip for Cloudflare, because I do not find anything valid on the internet.

Thanks.

sandro · November 3, 2018, 6:03pm

mod_remoteip - Apache HTTP Server Version 2.4 should have everything needed.

user3011 · November 11, 2018, 6:18am

I got the following reply from Cloudflare support.

Hi,

Thank you for informing us about this issue.

199.27.128.0/21 (Dec 2017) and 2405:8100::/32 (Sep 2018) were removed from Cloudflare.

Our mod_Cloudflare isn’t updated with our latest change in IP range, you can safely block these IP ranges at your origin.

system · December 11, 2018, 6:18am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
CloudFlare IPs to whitelist is incomplete DNS & Network dash-getting-started	4	2684	September 5, 2018
Still receiving requests from the IP addresses, which as of Apr 8, 2021 are no longer included in the list cloudflare.com/ips DNS & Network	2	530	January 28, 2024
Cloudflare’s IP address range is incomplete DNS & Network	4	770	November 18, 2023
Cloudflare IP Range 2022 Security	9	2830	January 30, 2022
Cloudflare IP Addresses DNS & Network	6	4970	April 30, 2020

Add IPs to cloudflare.conf

Related topics