DenyAllButCloudFlare and cloudflare load-balancing monitor

Hi,

I set up mod_Cloudflare and enabled the DenyAllButCloudflare option so that only Cloudflare IP addresses were allowed to access the web server - but that stops the Cloudflare health monitor from working - it was expecting a HTTP code 200 and was getting a 403. So I told it to expect a 403 and it works again. This seems crazy as the monitor is clearly coming from the Cloudflare network. Is there a better way to do this?

Thanks guys,

Misha.

Here’s the line of code that’s doing this:

https://github.com/Cloudflare/mod_Cloudflare/blob/master/mod_Cloudflare.c#L313-L319

Deny requests that do not have a CloudflareRemoteIPHeader set

Maybe load balancers don’t have this header set? Seems like a bug with mod_Cloudflare.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.