How can my origin host distinguish my IP from anyone else so he can set up a block?

My host wanted to protect my login from being attacked but he needs to be able to distinguish my IP from anyone else. Is there a way to forward my actual IP to my origin host so that he can block everyone else but me from even accessing my login page? Or some other way for him to be able to distinguish my IP from anyone else?

I had searched for this topic but had not found it. I hope I am not duplicating.

Thanks for your help.

Susan

Cloudflare includes your IP address in the X-Forwarded-For and CF-Connecting-IP headers.

It would be easier to block it at Cloudflare using a Firewall Rule:

1 Like

To admit your ip to whitelist.

Your ip must be static, that is, never change.

If you have dynamic ip, you can buy some online proxy that assigns you a static ip. That way you can enable this ip in whitelist.

Or simply ask your ISP. Most of them offer static adresses. Probably for a small fee.

You could use Cloudflare access which costs a few bugs per month.

https://www.cloudflare.com/products/Cloudflare-access/

There’s also a way to whitelist dynamic IPs automatically but you’d need some programming skills to control the firewall settings via the API.

I considered suggesting Access, but it’s more complicated to set up. And if it’s just her (one user), it’s free, for two reasons:

  1. You can set a Bypass condition for the home IP address.
  2. You can set an Allow condition for her one E-mail address (no charge for 1-3 user email accounts in Access). This makes for a convenient backup if your home IP address changes, or you’re away from home and want to log in.

So, @susansoaps, if you do want to consider Access, here’s what mine looks like:

I want to thank everyone for your suggestions and help. Actually, I do have a static IP (although for some reason it changed a couple of months ago.)

I have forwarded both the suggestions about whitelisting my IP and @sdayman suggestion about setting up a rule in the Cloudflare Firewall to my host to see his response.

I have to admit though that I don’t quite understand how whitelisting my IP would accomplish what he had been trying to do. Would whitelisting my IP mean that it would get passed on directly to him so he could set up a block against all other IPs on his end? I appreciate everyone’s patience with me. I make soap and just kind of stumble around trying to manage my website and keep it loading quickly and stay secure. We had a situation a few nights ago where apparently something/someone was trying to hack their way into my site. So his usual fix for that is to block all IPs accessing that site’s login except for the owner. Since I just set up with Cloudflare (same night, actually) now he can’t do that.

Again, I appreciate your time and help in responding to my questions.

Regards,
Susan

Whitelisting is not the approach we’re suggesting. The Firewall and Access methods we suggested block everybody who is not you.

2 Likes

What’s the plan level? If you are on a pro plan, you could use the Zone Lockdown. That’s the easiest way.

Enter the path:
https://your.site/restricted/path/*
And your IP.

Restricting access to one IP with the firewall is quite easy as well:
It’s not white listing, but blocking everything except X .

A Firewall rule like this should do the trick

(http.request.full_uri eq "https://your.site/restricted/path/" and ip.src ne 123.456.789.1)

Action -> block

In words. If the request URI equals https://your.site/restricted/path/ and the source IP does not equal 123.456.789.1 then block the request.

This topic was automatically closed after 30 days. New replies are no longer allowed.