Hi There,
I’m looking for a solution that will work in an environment that is logging IPs from the X-Forwarded-For header.
In this scenario a simple solution like this will not work, as I’m seeing my real IP in the httpd logs:
order deny,allow
deny from all
allow from 173.245.48.0/20
allow from ...IPs from https://www.cloudflare.com/ips/
This is a shared hosting solution and the admin thinks that X-Forwarded-For can be trusted.
For now I’m verifying that the incoming request has a CF-RAY header, and allowing only these requests, as in the example below:
RewriteCond %{HTTP:CF-RAY} ^$
RewriteRule ^ - [F,L]
But, like every header, this can be spoofed.
How do you think this can be best accomplished?
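
The two checks from the post, modelled in Python as an added example (not code from the original post), to show how each one decides on direct and proxied requests. It assumes the host replaces the connecting address with the first X-Forwarded-For entry without checking the peer; the function names, addresses and header values are constructed for illustration.

```python
import ipaddress

# Only the range quoted in the post; the full list is at https://www.cloudflare.com/ips/
CLOUDFLARE_RANGES = [ipaddress.ip_network("173.245.48.0/20")]

def in_cloudflare(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_RANGES)

def effective_client_ip(peer_ip, headers, rewrite_from_xff):
    """Address the access rules see. ASSUMPTION: the shared host replaces the
    TCP peer with the first X-Forwarded-For entry without checking the peer."""
    xff = headers.get("X-Forwarded-For", "")
    if rewrite_from_xff and xff:
        return xff.split(",")[0].strip()
    return peer_ip

def allow_by_ip(peer_ip, headers, rewrite_from_xff):
    """Model of 'deny from all / allow from <Cloudflare ranges>'."""
    return in_cloudflare(effective_client_ip(peer_ip, headers, rewrite_from_xff))

def allow_by_cf_ray(headers):
    """Model of the RewriteCond: forbid only when CF-RAY is empty or absent."""
    return headers.get("CF-RAY", "") != ""

# Constructed sample requests: (TCP peer address, request headers)
REQUESTS = {
    "via_cloudflare": ("173.245.48.10",
                       {"X-Forwarded-For": "203.0.113.7", "CF-RAY": "constructed-id"}),
    "direct_plain": ("198.51.100.23", {}),
    "direct_with_cf_ray": ("198.51.100.23", {"CF-RAY": "constructed-id"}),
}

def evaluate(rewrite_from_xff):
    """Return {request name: (ip allow-list decision, CF-RAY decision)}."""
    return {
        name: (allow_by_ip(peer, hdrs, rewrite_from_xff), allow_by_cf_ray(hdrs))
        for name, (peer, hdrs) in REQUESTS.items()
    }

if __name__ == "__main__":
    for rewrite in (True, False):
        print("host rewrites client address from XFF:", rewrite)
        for name, (by_ip, by_hdr) in evaluate(rewrite).items():
            print(f"  {name:20} ip-allow-list={by_ip!s:5} cf-ray-check={by_hdr}")
```

With rewriting on, the allow-list rejects the genuine Cloudflare request because it is matched against the visitor address, while the CF-RAY check accepts any request that carries the header. The allow-list only separates the two cases when it is evaluated against the real TCP peer.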