I have an admin folder need use .hatccess to allow/block some ips.
However,it doesn’t work in Cloudflare.
Is it any idea about how to deal with this?
Creating a Firewall Rule at Cloudflare Dashboard, you can allow only your IP (or few others) and block all the other, if that’s what you need to achieve? 
Kindly, may I point you to the step-by-step instruction from link below how to manage Firewall Rules at Cloudflare dashboard (the referenced link includes pictures for better understanding, navigation and help):
Furthermore, you might have to implement a simple fix to show the real visitor IP at your web server / origin host access log files, etc. as described at the link form below:
1 Like
yeah if you want to handle it via .htaccess instead of using Cloudflare rules, just set up mod_remoteip. It’s pretty easy. Then not only will you get real visitor IPs in your logs again, but other Apache features that interface with IP addresses will also be able to see the visitor IPs instead of Cloudflare IPs.
although having Cloudflare do the blocking would result in less load to your origin. so up to you.
if you’re not already you should also considering setting up authenticated origin pulls so that visitor’s can’t easily bypass Cloudflare and hit your origin directly, it’s also quite easy to set up with Apache Set up authenticated origin pulls · Cloudflare SSL/TLS docs
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.