How to IP/CIDR whitelist a subdomain

I have a WordPress multisite with DNS hosted by Cloudflare, and one of the sites is a subdomain of the main site, let’s say I’m looking for a way to have an IP/CIDR range whitelist just for the protected subdomain. Is this possible within Cloudflare? I tried setting up web rules on my web host (WP Engine), but Cloudflare’s cache ends up serving up 403 errors for users that should have their access granted. Any help would be appreciated.

The bigger question is what did you do to protect that subdomain? By default, Cloudflare isn’t going to 403 legitimate traffic to a site.

In WP Engine, I just set up a web rules to allow users from a certain set of IPs and ranges, and deny everyone else. Is it possible to have that same functionality in Cloudflare?

Firewall Rules here are awesome. This rule would be:

But if you’re on WPEngine, their Cloudflare settings may prevent you from using your own Cloudflare settings.

I think this is what I’m looking for, but how would this work for CIDR ranges? Would I just make lists with IP addresses in a certain range? (e.g., => to

Yeah, that’s what I’m concerned about with WP Engine, but I have high hopes!

It will accept CIDR ranges. I just forgot that when I created the sample.

Perfect, thank you!

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.