Cloudflare WAF with Firewall Port Forwarding

Hi All,
I need help connecting my WAF to a firewall installed on a site. I’m trying to redirect website requests to a private webserver. These requests will first pass through the Cloudflare WAF, then from the WAF to the public IP on a firewall installed on site, which will then forward them to the private webserver.
How could this be done?
Thanks in advance!

Greetings,

Thank you for asking.

May I ask which firewall you are using at your origin host/server?
Is it some kind of PHP firewall, like the Wordfence plugin for WordPress?
Or rather some kind like Imunify360?
Or some 3rd-party Firewall/DDoS service like DDoS-Guard, JavaPipe, etc.?
Or rather a VPS/Cloud server with pfSense installed?

You’d have to configure the firewall at your origin host/server to allow/pass the Cloudflare IPs and trust them first:

Here is a list of Cloudflare IPs:

After that, you might have to configure the firewall to use and return the real visitor IP in your log files, so it would not block Cloudflare that way or always show the same IP:

Depending on your web server, you might also have to check which header you are using to return the visitor IP in your access log files.

Nevertheless, you’d have to check and make sure you’re using a valid SSL certificate installed for your domain at your web server and your firewall too.

Regarding port forwarding, which port do you need to use? At the link below, you can find the ones that are already allowed and working, if needed:

Otherwise, if you need some other one not listed at the above link, you’d have to use a higher paid plan or the Cloudflare Spectrum service, or else continue using an unproxied :grey: (DNS-only) hostname.

Out of curiosity, may I ask what kind of requests the Cloudflare WAF doesn’t stop in your case, such that you’d need to set up and configure another firewall at your origin host/server? :thinking: I guess you’re using a Pro plan then, or maybe not?
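
Added example, not part of the original thread and not Cloudflare's own code: the origin-side check implied by the reply above, honouring the visitor-IP header only when the connection arrives from an allowlisted proxy range. The ranges are constructed placeholders (documentation blocks) standing in for Cloudflare's published list, `CF-Connecting-IP` is assumed to be the header in use, and the function names are hypothetical.

```python
import ipaddress

# Constructed placeholder ranges (RFC 5737 / RFC 3849 documentation blocks).
# Assumption: replace them with the current ranges from Cloudflare's published list.
TRUSTED_PROXY_RANGES = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("2001:db8::/32"),
]
CLIENT_IP_HEADER = "cf-connecting-ip"  # assumed header; compared case-insensitively


def is_trusted_proxy(peer_ip):
    """True if the TCP peer address falls inside an allowlisted proxy range."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False
    # Dual-stack listeners report IPv4 peers as ::ffff:a.b.c.d; compare them as IPv4.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr.version == net.version and addr in net
               for net in TRUSTED_PROXY_RANGES)


def resolve_client_ip(peer_ip, headers):
    """Return (client_ip, came_via_proxy) for logging and rate limiting.

    The header is honoured only when the connection itself arrived from an
    allowlisted range; a direct connection to the origin could forge it.
    """
    if not is_trusted_proxy(peer_ip):
        return peer_ip, False
    value = next((v for k, v in headers.items()
                  if k.lower() == CLIENT_IP_HEADER), None)
    try:
        return str(ipaddress.ip_address(value.strip())), True
    except (AttributeError, ValueError):
        # Header missing or malformed: log the proxy address instead.
        return peer_ip, True


if __name__ == "__main__":
    # Constructed sample requests: (peer address, request headers).
    samples = [
        ("192.0.2.10", {"CF-Connecting-IP": "198.51.100.7"}),   # via proxy
        ("203.0.113.9", {"CF-Connecting-IP": "198.51.100.7"}),  # direct, forged header
        ("192.0.2.10", {}),                                     # via proxy, no header
    ]
    for peer, hdrs in samples:
        print(peer, "->", resolve_client_ip(peer, hdrs))
```

Requests whose second return value is `False` reached the origin without passing through the proxy, which is what the firewall allowlist is meant to prevent.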

I’m using a Unifi firewall on site. I’m getting some information from the private webserver and it’s being published online. So I want to add a more secure level to the information being requested from the private webserver using the WAF. So the workflow is that I have a site that’s taking some information from the private webserver. Users request information, for example; it goes through the WAF, the WAF then forwards it to the Unifi firewall, then to the webserver to get the information.
Thanks!
