Add IPs to cloudflare.conf

I installed mod_Cloudflare and I have IPs in their config file:
/etc/httpd/conf.d/Cloudflare.conf

But not all the IPs listed here: https://www.cloudflare.com/ips/

are in Cloudflare.conf

Is it a good idea to add the missing IPs to the file?

Due to subnet masks, it probably does have all the IP addresses. Which one do you think is missing?

In bold, the differences.

IPs mod_Cloudflare:

103.21.244.0/22
103.22.200.0/22
103.31.4.0/22
104.16.0.0/12
108.162.192.0/18
131.0.72.0/22
141.101.64.0/18
162.158.0.0/15
172.64.0.0/13
173.245.48.0/20
188.114.96.0/20
190.93.240.0/20
197.234.240.0/22
198.41.128.0/17
199.27.128.0/21
2400:cb00::/32
2606:4700::/32
2803:f800::/32
2405:b500::/32
2405:8100::/32

IPs Cloudflare:

103.21.244.0/22
103.22.200.0/22
103.31.4.0/22
104.16.0.0/12
108.162.192.0/18
131.0.72.0/22
141.101.64.0/18
162.158.0.0/15
172.64.0.0/13
173.245.48.0/20
188.114.96.0/20
190.93.240.0/20
197.234.240.0/22
198.41.128.0/17
2400:cb00::/32
2405:b500::/32
2606:4700::/32
2803:f800::/32
2c0f:f248::/32
2a06:98c0::/29

Definitely add the missing ones to the file.

I just checked a firewall I configured a while back and it shows similar discrepancies.

That would sure be nice if https://www.cloudflare.com/ips/ could have a timestamp on it somewhere so we’d know if/when it’s updated. @cloonan?

1 Like

So all of those changes appear to be in:
https://github.com/Cloudflare/mod_Cloudflare/blob/master/mod_Cloudflare.c (which, while deprecated and last updated over a year ago, seems accurate). Where did you get mod_Cloudflare from to install?

1 Like

Agreed, a rev# or last updated would be swell.

2 Likes

Hello @cs-cf
I installed from: https://support.cloudflare.com/hc/en-us/articles/206175737-How-do-I-restore-original-visitor-IP-with-EasyApache-cPanel-

Sorry… a clarification

The file is in
/etc/apache2/conf.d/Cloudflare.conf

not in
/etc/httpd/conf.d/Cloudflare.conf

And don't forget to add these IPs in mod_Cloudflare

199.27.128.0/21
2405:8100::/32

to firewalls and .htaccess

Considering that Cloudflare stopped supporting mod_Cloudflare and Apache comes with its own module as of 2.4, I generally recommend using mod_remoteip instead.

2 Likes

It is true, @sandro, but I asked support and his answer was to install mod_Cloudflare.
How do I uninstall mod_Cloudflare?

I would also need a good guide for how to configure mod_remoteip for Cloudflare, because I cannot find anything valid on the internet.

Thanks.

mod_remoteip - Apache HTTP Server Version 2.4 should have everything needed.

I got the following reply from Cloudflare support.

Hi,

Thank you for informing us about this issue.

199.27.128.0/21 (Dec 2017) and 2405:8100::/32 (Sep 2018) were removed from Cloudflare.

Our mod_Cloudflare isn’t updated with our latest change in IP range, you can safely block these IP ranges at your origin.
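Added example, not part of any post in this thread: the comparison discussed above, done by subnet containment instead of a line-by-line diff, so a range counts as present when a wider prefix already covers it. The two range lists are copied from the posts above; the function names are illustrative.

```python
import ipaddress

# Ranges shipped in the mod_Cloudflare config, as posted in the thread.
MODULE_RANGES = """
103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 104.16.0.0/12
108.162.192.0/18 131.0.72.0/22 141.101.64.0/18 162.158.0.0/15
172.64.0.0/13 173.245.48.0/20 188.114.96.0/20 190.93.240.0/20
197.234.240.0/22 198.41.128.0/17 199.27.128.0/21
2400:cb00::/32 2606:4700::/32 2803:f800::/32 2405:b500::/32 2405:8100::/32
"""

# Ranges from https://www.cloudflare.com/ips/, as posted in the thread.
PUBLISHED_RANGES = """
103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 104.16.0.0/12
108.162.192.0/18 131.0.72.0/22 141.101.64.0/18 162.158.0.0/15
172.64.0.0/13 173.245.48.0/20 188.114.96.0/20 190.93.240.0/20
197.234.240.0/22 198.41.128.0/17
2400:cb00::/32 2405:b500::/32 2606:4700::/32 2803:f800::/32
2c0f:f248::/32 2a06:98c0::/29
"""


def parse(text):
    """Parse whitespace-separated CIDRs; raises ValueError on a malformed entry."""
    return [ipaddress.ip_network(tok) for tok in text.split()]


def uncovered(candidates, reference):
    """Networks in candidates not fully contained in any reference network."""
    return [
        net for net in candidates
        if not any(net.version == ref.version and net.subnet_of(ref)
                   for ref in reference)
    ]


def compare(local_text, published_text):
    local, published = parse(local_text), parse(published_text)
    return {
        # Trusted locally but no longer published: candidates for removal,
        # since the module accepts the client-IP header from every listed range.
        "stale": [str(n) for n in uncovered(local, published)],
        # Published but not trusted locally: visitors via these ranges are
        # logged with the proxy address instead of their own.
        "missing": [str(n) for n in uncovered(published, local)],
    }


if __name__ == "__main__":
    for kind, nets in compare(MODULE_RANGES, PUBLISHED_RANGES).items():
        print(kind, ", ".join(nets) or "none")
```

The same check applies to firewall allowlists and `.htaccess` rules built from an older copy of the list.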
