Hello all,
we are trying to use Cloudflare IP ranges in our firewall to only allow Cloudflare access the origin server.
The one question we have is how often does Cloudflare update the list? and what type of notification will send out to the customer if add/remove IP addresses?
thanks
Be careful with this approach. Anyone’s Cloudflare app can still reach your origin.
The better approach is to run cloudflared on your origin. Cloudflare Tunnel · Cloudflare Zero Trust docs
Will this increase the latency? How well does the daemon scale?
It has been known to scale well. You can deploy replicas or if you’re considered about proper load balancing putting multiple unique tunnels behind a load balancer.
It is built on go, source, and the expectation is very little over head.
With tunnel:
Time Handshake: 0.053515
Time Connect: 0.028355
Name Lookup Time: 0.007168
Time Pretransfer: 0.053653
Time Redirect: 0.000000
Time Start Transfer: 0.137746
Time Total: 0.149948
Without a tunnel:
Time Handshake: 0.068359
Time Connect: 0.018393
Name Lookup Time: 0.005283
Time Pretransfer: 0.068510
Time Redirect: 0.000000
Time Start Transfer: 0.166739
Time Total: 0.176725
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.