How do I make changes to my cloudflare allow list?

Cloudflare is making infrastructure changes to simplify customer configuration, and reduce the number of IPv4 addresses that could potentially interact with your origin on Cloudflare’s behalf.

If your security model relies on allowing a list of trusted Cloudflare IPs from cloudflare.com/ips (or via API) on your origin, please make the following changes to your allow list by May 7, 2021 . This change is safe to make today.

Remove:
104.16.0.0/12

Add:
104.16.0.0/13
104.24.0.0/14

This change delists the 104.28.0.0/14 prefix, which is no longer in use by Cloudflare infrastructure. These addresses will be repurposed for use with our Gateway and WARP (secure web gateway and VPN) products, and may carry traffic from untrusted sources in the future.

Cloudflare does not recommend enforcing security policy at origins solely by trusting IP addresses. Argo Tunnels and Authenticated Origin Pulls provide more secure and specific ways to secure origin connections from Cloudflare.

Further detail on how to configure Argo Tunnels.

Further detail on how to configure Authenticated Origin Pulls.

If you have further questions, please visit the Cloudflare Community.

Regards,
The Cloudflare Team

This could be realted to and a helpful FAQ:

How do you do it would depend if you already and actually have allowed only Cloudflare IP addresses at your Firewall host/origin or for example using iptables at server - I believe you would make the needed changes right there.

So if I’m using green geeks as a server my change would apply with green geeks, not with cloudflare?

Correct, but if you look at the FAQ, it pretty much says “if you have to ask, it probably doesn’t apply to you.”

However, it might be a layer of security you may wish to pursue at Green Geeks.

This topic was automatically closed after 28 days. New replies are no longer allowed.