I have a website which requires user logins.
The logins are authenticated using APIs which I have created on a different domain.
Now, in the settings.json file for the website, only IP addresses for my webserver are allowed.
This was working totally fine, until I hosted my website DNS on Cloudflare.
However, this again works fine when , I turn off the proxy status for the domain where the API is hosted.
Looks like this is happening because of only certain IP addresses allowed from my website and not the Cloudflare. Is there any easy way of doing this rather than going and allowlisting all the Cloudflare IP addresses on my website and allow them ?
Since Cloudflare acts as a reverse proxy, when it’s configured as expected, all connections to your origin webserver come from Cloudflare’s IP addresses, and that may or may not be a problem for you:
If your web application is using the originating IP of the visitor as part of its logic, it will now use a Cloudflare IP address
If you use the content of your access logs, they now contain a Cloudflare IP address as the $remote_addr
Depending on your setup, you can restore the visitor IPs in a number of ways. You can find a complete list here, or below are a few of the most popular:
I am not restoring Visitors IP. Actually The API is on domain 1 on same webserver and the website is on domain 2 on the same webserver. But because I have now place Cloudflare, my website is getting the request from Cloudflare IP address and thus rejecting it
Thanks. I found this LINK (https://developers.cloudflare.com/support/troubleshooting/restoring-visitor-ips/restoring-original-visitor-ips/#JUxJSMn3Ht5c5yq) but looks bit complicated
It cannot. You need to configure that your web server. It’s really easy on Apache. It doesn’t look to be any more complicated on current versions of IIS.