Cloudflare and Iptables Not working

I have a personal middleware in my webapp that blocks offending IP addresses by using famous ipset blacklist add and ipset blacklistIPV6 add . When an IP addresses is added the user can still visit the website that is through 80/http and 443/https. But other ports can’t be access for example ssh.

Why is it that when I add an offending IP to the blacklist it can still access my site through http/https but can’t connect to other ports?

I tested this with my own IP I blocked it I couldn’t ssh to the server, but when I got to the browser and visit the website it works fine.

If your hostname is :orange:, then you cannot use IPtables to restrict access to the hostname. All the requests to your host will appear to come from Cloudflares IP range, and IP tables cannot look inside the http/https request to see the actual client IP.

You should restrict access to your web server using IP tables so that only requests from Cloudflare get to the web server. You can then use the Cloudflare firewall to blacklist the IP addresses.

As to why other protocols are denied, in the typical use of Cloudflare, only 80/443 are allowed through to your origin. Cloudflare does not proxy things like ssh.

1 Like

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.