Cloudflare IPs not available in htaccess

We’re using Teams/Access to limit access to some backend systems, and have those systems set up to disallow access to anything but Cloudflare IPs.

This was working great for the last 6 weeks, then today we started getting 403 Forbidden errors.

Digging in a bit I found that starting at around 2021-10-27 02:09 UTC, it’s not logging the Cloudflare IPs, and are only showing the actual remote IP (multiple times, so instead of for example:

[Wed Oct 27 02:00:17 2021] [,]
[Wed Oct 27 02:04:34 2021] [,]
[Wed Oct 27 02:04:34 2021] [,]
[Wed Oct 27 02:14:41 2021] [,]
[Wed Oct 27 02:27:21 2021] [,]

My assumption is that this is something on my host’s end - and have created a ticket with them, but wanted to check if anyone had seen this before/knows what is causing this? Thanks!

I’m not sure what the “it” is that’s logging this, but it’s quite possible your host finally configured servers to restore visitor IP addresses. I think this is good, but it certainly throws a wrench into your plan.

Sorry, “it” being Apache.

That is what I suspected as well, but definitely not ideal.

1 Like

If I was going to use htaccess to block non-Cloudflare traffic, I have it check headers for any of the special Cloudflare headers. You can even use a Transform rule as suggested at the end of this reply:

1 Like

Thanks! I don’t have the ability to implement most of those solutions due to the host environment, but transform rules should work well!

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.