How to restrict access to site by url only, not by IP

some users bypass cloudflare by editing their host file and adding site IP
is there a way to block access that are not by url

There are several options available, choose the ones that best fits your needs.


I can not install cloudflared because my operation system is not supported
I tried the second method “HTTP Basic Authentication” but it didn’t work at all

You could require Authenticated Origin Pulls or use your firewall to block HTTP and HTTPS connections from all but Cloudflare IPs. You could even do both.

2 Likes has the most correct answer, but you should also get a new IP address for your origin server so your users don’t know it. When Cloudflare proxies the traffic, users will be unable to find your server’s new IP address.

1 Like

thanks but i have fixed myself by adding a 000-default-deny.conf to the vhost configs, it blocked host file hacks very effectively

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.