Cloudflare and Iptables Not working

wangoloj · December 31, 2020, 5:47pm

Hello;
I have a personal middleware in my webapp that blocks offending IP addresses by using famous ipset blacklist add and ipset blacklistIPV6 add . When an IP addresses is added the user can still visit the website that is through 80/http and 443/https. But other ports can’t be access for example ssh.

Why is it that when I add an offending IP to the blacklist it can still access my site through http/https but can’t connect to other ports?

I tested this with my own IP I blocked it I couldn’t ssh to the server, but when I got to the browser and visit the website it works fine.

michael · December 31, 2020, 5:54pm

If your hostname is , then you cannot use IPtables to restrict access to the hostname. All the requests to your host will appear to come from Cloudflares IP range, and IP tables cannot look inside the http/https request to see the actual client IP.

You should restrict access to your web server using IP tables so that only requests from Cloudflare get to the web server. You can then use the Cloudflare firewall to blacklist the IP addresses.

As to why other protocols are denied, in the typical use of Cloudflare, only 80/443 are allowed through to your origin. Cloudflare does not proxy things like ssh.

system · January 5, 2021, 5:54pm

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Iptables to allow only cloudflare Security	3	5205	November 9, 2019
Allowing only my partner ip address Security	5	2344	October 30, 2021
Error 521 - Can’t figure out why - Works when accessing the IP directly and through other cloudflare domains Getting Started dash-troubleshooting	1	2389	September 8, 2019
I've blocked IP's, but some ot them still getting to my site Access	8	3998	October 14, 2020
Add cloudflare IPs to iptables Security	3	1238	February 10, 2023

Cloudflare and Iptables Not working

Related topics