Cloudflare IP Ranges - do i need to exclude on firewall

i am blocking all world ip except one country with firewall rules on cloudflare.
(ip.geoip.country ne “”)

  1. do i need to add these cloudflare ips as exclude. do any of cloudflare service have any problem if i block these ips too on cloudflare firewall.
    IP Ranges | Cloudflare

  2. “and not cf.client.bot” do this word also exclude cloudflare ips or just eneral bots such as google, yandex

  3. i take an email as this below. Is it related to these cloudflare ips or just my server down problem.
    i can reach my site but sometimes i take this email. I dont know if it is related to cloudflare firewall or my server failure.


Server Unreachable
Requests to the following origin have been failing for at least five minutes:

Error 521: Web server is down

Error 521 occurs when the origin web server refuses connections from Cloudflare. Security solutions at your origin may block legitimate connections from certain Cloudflare IP addresses.
The two most common causes of 521 errors are:

  • Offlined origin web server application
  • Blocked Cloudflare requests

  1. There’s never a need to add Cloudflare’s IP ranges to a firewall rule, as those IP addresses will never connect to your site’s public IP address.
  2. See above. Client Bot would be “good” bots from the list in this FAQ:
    https://developers.cloudflare.com/firewall/known-issues-and-faq
  3. That’s a hosting issue.

This topic was automatically closed after 29 days. New replies are no longer allowed.