.htaccess - block incoming connections from IPs other than Cloudflare

Hi There,

I’m looking for a solution that will work in an environment that is logging IPs from the X-Forwarded-For header.

In this scenario a simple solution like this will not work, as I’m seeing my real IP in the httpd logs:

order deny,allow
deny from all
allow from 173.245.48.0/20
allow from ...IPs from https://www.cloudflare.com/ips/

This is a shared hosting solution and the admin thinks that X-Forwarded-For can be trusted :monkey_face:

For now I’m verifying whether the incoming request has a CF-RAY header, and allowing only these requests, as in the example below:

RewriteCond %{HTTP:CF-RAY} ^$
RewriteRule ^ - [F,L]

But, like every header, this can be spoofed.
How do you think this can be best accomplished?

Does that mean the server is rewriting the IP addresses?
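An added example, not part of the thread and not Cloudflare's or the hosting provider's code, of the check the question is after: decide on the TCP peer address first, and read CF-RAY or X-Forwarded-For only when that peer is inside a Cloudflare range. It goes one step further than the post by also resolving the visitor address from X-Forwarded-For right to left; the function names and sample addresses are assumptions, and only 173.245.48.0/20 comes from the post.

```python
import ipaddress

# Only the range quoted in the post; the full list is at https://www.cloudflare.com/ips/
TRUSTED_PROXIES = [ipaddress.ip_network("173.245.48.0/20")]


def is_trusted(addr, networks=TRUSTED_PROXIES):
    """True if addr (a string) parses as an IP inside a trusted proxy network."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return any(ip in net for net in networks)


def resolve_client(peer_addr, headers, networks=TRUSTED_PROXIES):
    """Return (allowed, client_ip) for one request (hypothetical helper).

    peer_addr is the address of the TCP connection itself, the one value the
    sender cannot choose. Headers are consulted only after it passes.
    """
    if not is_trusted(peer_addr, networks):
        # Direct connection to the origin: any CF-RAY or X-Forwarded-For
        # value was written by the sender, so none of it is used.
        return False, peer_addr
    # Each trusted proxy appends the address it saw, so walk from the right
    # and stop at the first entry that is not itself a trusted proxy.
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]
    client = peer_addr
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last address that was verified
        client = hop
        if not is_trusted(hop, networks):
            break
    return True, client


if __name__ == "__main__":
    # Constructed samples using documentation address ranges.
    spoofed = {"CF-RAY": "constructed-value", "X-Forwarded-For": "173.245.48.10"}
    print(resolve_client("203.0.113.7", spoofed))
    proxied = {"CF-RAY": "constructed-value", "X-Forwarded-For": "192.0.2.1, 198.51.100.23"}
    print(resolve_client("173.245.48.10", proxied))
```
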
