Block country for non-proxied DNS record

Hi!
I have been using Cloudflare to manage my domain and it’s working great!
I have a subdomain redirecting to IPFS (followed this documentation: https://developers.cloudflare.com/distributed-web/ipfs-gateway), and again it’s working perfectly :slight_smile:
Now, I want to block a few countries from accessing my app. Obviously, users will be able to access the app from the IPFS endpoint (and that’s ok), but, due to legal concerns, I want it to be blocked if they try to access it from the main URL.
I tried to setup a rule in the firewall but unfortunately it doesnt seem to work. After a bit of research, I think it is not working because the IPFS DNS record cannot be proxied, as I’m using cloudflare-ipfs.com as a target.

Here is screenshot of the rule.
I just changed the subdomain, but obviously I’m using the correct one :slight_smile:

I am afraid it will not work and none rules would apply if the hostname (DNS record) is set to :grey: (DNS-only).

Are you using a CNAME setup or?

Also, using cloudflare-ipfs.com or?

1 Like

Yes Im using a CNAME mysubdomain to cloudflare-ipfs.com and then a TXT record _dnslink.app with dnslink=/ipfs/<HASH>.

If the firewall can’t work that way, is there any other way I could block some countries from accessing the app?

No idea? So it’s definitely not possible to do that? Even on a paid plan?

I’m not seeing much documentation on IPFS. I looked at the Dev Docs, but don’t see this mentioned.

Is there any way to :orange: Proxy that DNS record?

I dont know… that’s what I’m trying to figure out too but I couldnt find any solution for now. Do you know who I could ping to get an answer for that?

It seems you’d be able to do what you want with Orange to Orange (O2O). You can beta test O2O if you are on the Enterprise Plan. Whether this will remain an Enterprise-only feature is hard to guess.

O2O allows one zone on Cloudflare to CNAME to another zone, and apply the settings of both zones in layers. For example, cloudflare-ipfs.com has Always Use HTTPS turned off for various reasons, which means that every site served through our gateway also does. O2O allows site owners to override this setting by enabling Always Use HTTPS just for their website, if they know it’s okay, as well as adding custom Page Rules and Worker scripts to embed all sorts of complicated logic.

1 Like

That’s interesting. I’m gonna check if we can apply for that!

1 Like

Hi @user9290,

This is not a self-served option at the moment. However, you can sign up for the IPFS gateway private beta. This is going to be available as part of it.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.