Are IP static?


#1

I understand CDN IPs are shared, but I do not find info about their stability.
My client’s provider want to filter outbound connections by IP, so, can I trust the anycast IP the service uses won’t change, or must I whitelist the whole cloudflare address space ?


#2

They are pretty stable but there is no guarantee AFAIK.

You cant use the IP address itself however anyhow. You will always have to go through a hostname which will resolve to whichever IP address it currently has assigned to.

However considering you were referring to outbound connections, these will never have a Cloudflare IP address but always your own.


#3

The outbound connection of the user device connects TO cloudflare, and it’s the destination address which is filtered.


#4

You should whitelist the whole Cloudflare address space:

For best practices try implementing Authenticated Origin Pulls:


#5

So far mostly 104.16.0.0/12 and 2606:4700::/32 addresses have been assigned as far as I can tell, so if you want to be on the safe side you might want to whitelist that range.


#6

Ok, thanks :slight_smile: (If I cannot whitelist a single IP, I should whitelist all of them, not only a subset of them)


closed #7

This topic was automatically closed after 31 days. New replies are no longer allowed.