Cloudflare as reverse proxy for Heroku

I’m currently hosting a Heroku site for a client that is not able to access that site because of the wide IP-range that Heroku apps use. Their corporate firewall blocks some of the Heroku IPs, as they believe risky/spam sites are hosted on the same IP. So they are not comfortable whitelisting that IP.

I’m considering setting up Cloudflare and setting up a CNAME to Heroku through Cloudflare instead of my current domain provider. Would Cloudflare then work as a reverse proxy for my Heroku site? Would that mean that as long as the customer whitelists the Cloudflare IP-range, they will most likely be able to access the site through their corporate firewall?

Yeah, if the Cloudflare IP addresses are whitelisted then you should be fine. Clients should never see the Heroku back-end.

So when you use Cloudflare in front of Heroku, you’ll never need to whitelist the Heroku IPs?
If so, I don’t understand why.

Because the client will talk to Cloudflare, and Cloudflare to Heroku. There’s no direct client-Heroku access if you’re using Cloudflare to proxy traffic (if there was then Cloudflare wouldn’t be involved so would have no purpose).
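An added example, not part of the thread: a way to confirm that a hostname's DNS answers fall entirely inside Cloudflare's ranges, which is what the client's firewall will actually see when the record is proxied. The IPv4 list is a snapshot of https://www.cloudflare.com/ips/ and is an assumption that should be refreshed before use; the sample addresses are constructed.

```python
import ipaddress
import socket

# Snapshot of Cloudflare's published IPv4 ranges (assumption: may be out of
# date; refresh from https://www.cloudflare.com/ips/ before relying on it).
CLOUDFLARE_V4 = [
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
]
CLOUDFLARE_NETS = [ipaddress.ip_network(cidr) for cidr in CLOUDFLARE_V4]


def is_cloudflare(addr):
    """True if addr lies inside one of the listed Cloudflare ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == net.version and ip in net for net in CLOUDFLARE_NETS)


def classify(addresses):
    """Split resolved addresses into (proxied, direct) lists."""
    proxied, direct = [], []
    for addr in addresses:
        (proxied if is_cloudflare(addr) else direct).append(addr)
    return proxied, direct


def fully_proxied(addresses):
    """True only if there is at least one answer and none bypasses Cloudflare."""
    proxied, direct = classify(addresses)
    return bool(proxied) and not direct


def resolve_v4(hostname):
    """Live lookup helper (needs network access; not used by the samples)."""
    infos = socket.getaddrinfo(hostname, 443, family=socket.AF_INET,
                               proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


if __name__ == "__main__":
    # Constructed answers: two Cloudflare edge addresses, then a mix that
    # includes 203.0.113.10 (documentation range) standing in for an origin IP.
    for answers in (["104.16.1.1", "172.67.10.20"],
                    ["104.16.1.1", "203.0.113.10"]):
        proxied, direct = classify(answers)
        print(answers, "fully proxied" if fully_proxied(answers)
              else f"exposes non-Cloudflare addresses: {direct}")
```

If any answer lands in the `direct` list, the record is being served without the proxy and clients would still connect to addresses the firewall has not whitelisted.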

