Can I restrict access to a URL by IP address?

We are testing a new website and want to ensure it works with the application firewall. However, we want to ensure that the test site is only accessible from a limited number of source IP addresses. Can you advise us on the best way to do this, on the assumption that the connection from the client is proxied via Cloudflare and so we cannot use firewall rules at the website hosting?

Well, is there any other firewall at the origin host / server to do it, regardless of whether Cloudflare is used for that domain?

If not, and if your domain is using Cloudflare and is being proxied (orange cloud), there are a couple of security options.

In particular, for your case, I would suggest using the Firewall Rules in the Cloudflare dashboard, with which you could achieve exactly what you want, and they could help you get what you need:

  1. Restrict Website access only to specific IP address(es):

  2. Restrict access to the specific URL only to the specific IP address(es):

Thank you for your reply. There is a firewall at the host, so we can restrict traffic there. The question is, will the IP headers arrive at the host with the original IP address if the connection is proxied via Cloudflare? If they do, then there is no problem; if they don't, then I will look at your suggestion below.


Short answer - it depends, or better to say, no.

If I understood correctly, may I kindly suggest the article below for this:

Otherwise, without this implementation you would always see the Cloudflare IP in the Access logs, etc. for the requests made to your origin host/server (Apache, etc.).

With this implementation, you see the true/real IP address of the visitor (request) “as-is”.
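
The following is an added example, not part of the original thread and not Cloudflare's own code. It sketches the origin-side check discussed above: the visitor address is taken from the `CF-Connecting-IP` request header only when the connecting peer is itself a Cloudflare address, and is then compared with a tester allowlist. The function names, the allowlist and the short subset of Cloudflare ranges are assumptions for illustration.

```python
import ipaddress

# Sample subset of Cloudflare's published IPv4 ranges (assumption: in real use,
# load the current full list from https://www.cloudflare.com/ips/).
CLOUDFLARE_RANGES = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "104.16.0.0/13", "172.64.0.0/13", "162.158.0.0/15",
)]

# Constructed tester allowlist (RFC 5737 documentation addresses).
ALLOWED_TESTERS = [ipaddress.ip_network(n) for n in (
    "203.0.113.10/32", "198.51.100.0/24",
)]


def _in_any(addr, networks):
    return any(addr in net for net in networks)


def client_ip(peer_ip, headers):
    """Return the visitor address the origin should act on.

    CF-Connecting-IP is honoured only when the TCP peer is a Cloudflare
    address. From any other peer the header is client-controlled, so the
    peer address itself is used instead.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not _in_any(peer, CLOUDFLARE_RANGES):
        return peer
    value = {k.lower(): v for k, v in headers.items()}.get("cf-connecting-ip")
    if value is None:
        return peer  # proxied request without the header: treated as the proxy
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None  # malformed header: fail closed


def is_allowed(peer_ip, headers):
    """True only if the resolved visitor address is on the tester allowlist."""
    ip = client_ip(peer_ip, headers)
    return ip is not None and _in_any(ip, ALLOWED_TESTERS)
```

A host firewall that filters on the TCP source address sees only the Cloudflare peer for proxied requests, so an allowlist of visitor addresses has to be evaluated at the layer that can read the header, or at Cloudflare itself.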

