DenyAllButCloudFlare and cloudflare load-balancing monitor



I set up mod_cloudflare and enabled the DenyAllButCloudFlare option so that only cloudflare IP addresses were allowed to access the web server - but that stops the cloudflare health monitor from working - it was expecting a HTTP code 200 and was getting a 403. So I told it to expect a 403 and it works again. This seems crazy as the monitor is clearly coming from the cloudflare network. Is there a better way to do this?

Thanks guys,



Here’s the line of code that’s doing this:

Deny requests that do not have a CloudFlareRemoteIPHeader set

Maybe load balancers don’t have this header set? Seems like a bug with mod_cloudflare.