Cloudfare and IIS IP Address and Domain Restrictions

I’ve googled around and looked through here, but didn’t see a good answer (telling me to refer to the page that discusses adding the extended IIS logging is not an answer).

Basically I have several directories on the website that need to be blocked with the exception of one IP (being mine). WIthout cloudfare of course this works easily as I can have the domain/foo set to deny and my IP address set to Allow.

The problem of course is cloudfare, which connects to my website instead of my direct IP.

is there any way around this or to have the ability to block domain/foo to all but one IP inside of cloudfare - aka put the IIS address and domain restrictions as part of cloudfare.

I looked at page rules but nothing there looked like it would do what I want.

Access has the potential, but unless I buy it I can’t see what it does (ie: does it allow for login / password access to specific directories? that would work in a pinch). In other words, if I access domain/foo - prompt for access login / password - but the rest of the site is access anonymously. or better yet, can i set the access to domain/foo to be only for ip xxx.xxx.xxx.xxx

Thanks!

Hi @user7431,

You can block all except one IP using Firewall Rules at Cloudflare. You should just be aware that people can bypass Cloudflare and hit your server directly if they have your IP and you don’t have a configuration to block any connections not through Cloudflare.

Access is a possibility, you can have different authentication methods to limit access to a specific area of your site - it is free for up to 5 seats (essentially 5 users/month).

Thanks… I think that gives me an idea.

Block all but one IP for domain/foo

set IIS to only accept cloudfare IP’s

and that should do it. still not sure about how to set up blocking for a specific url but I’ll check that out more.

I think a firewall rule such as this would work?

((http.request.uri.path contains “/admin” or http.request.uri.path contains “/desktopmodules/admin/” or http.request.uri.path contains “/install/”) and ip.src ne xxx.xxx.xxx.xxx)

right?

Sorry for the delay.

Yes

That looks good to me!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.