Argo Tunnel: Client access only from specific Region

I have setup an Cloudflare Tunnel for about a year and limited it to only users in Canada.
However, knowing that my clients (friends) are in a specific Region, is it possible to limit the access to only clients from that region?
How can I achieve this?
Thank you.

You would need to create a firewall or IP access rule to only allow traffic from Canada to the hostname of the Tunnel.

I already have a firewall rule for Canada.
What I am looking for is a rule for a Region.
If I don’t know their IP addresses, is there any other way to do this?

Cloudflare has fields that can make it more granular. Look at the ip. fields in the docs. This includes city, postal/metro code and ISO 3166-2 codes.


Thank you, I just read that it requires a business plan.

Availability notes

  • Access to ip.geoip.is_in_european_union, ip.geoip.subdivision_1_iso_code, and ip.geoip.subdivision_2_iso_code fields requires a Cloudflare Business or Enterprise plan.
  • Access to http.request.cookies field requires a Cloudflare Pro, Business, or Enterprise plan.

Whoops, sorry. The other fields do not require a business plan.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.