If I block ports 80 and 443 will Authenticated Origin Pull still work?

Someone suggested that I should block 80 and 443 ports in order to block all web traffic except from Cloudflare.
I want to block all traffic to my VPS except the traffic coming from Cloudflare servers.

Is this a safe method in order to achieve that? If not, what else can you guys suggest?

May I ask if you’re using your VPS to send and/or receive emails too? If so, then this should be reviewed and might not be the best option. Otherwise, if it’s only for a web server, it’s okay.

No emails at all. But if I block port 443 will Cloudflare still work?
Another person told me to leave it open and use Authenticated Origin Pull, installing a Cloudflare certificate on the VPS instead of Let’s Encrypt; this way only CF traffic would be able to access my server.
What do you think?

As long as you carve out an exemption to those ports for Cloudflare IPs with an allow rule in your firewall, you should be OK, unless you need traffic to connect directly to your origin server.

I do that along with authenticated origin pull on some of my web servers.

OK, let’s say I don’t use a Firewall at all and block nothing. Will Authenticated Origin Pull do the job alone? That is, if I install the Cloudflare certificate, of course.

Without a certificate issued by the Cloudflare Origin CA, clients won’t be able to make a request to your site if you have configured authenticated origin pulls. It will not prevent other clients from attempting a direct connection. You can test this yourself with curl to see what happens.

Some of my servers house a combination of sites that are not on Cloudflare along with other sites that are. For those hosts, authenticated origin pulls are my only option, so I use it in the individual site configuration. On servers that exclusively host sites that use the Cloudflare proxy, I only permit connections to ports 80 and 443 from Cloudflare at the firewall level in addition to requiring authenticated origin pulls in the global server configuration.

The best way to make the determination of suitability is to test it and see if it performs to your satisfaction.
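
The firewall-level allow rule described in the replies above, sketched as an added example that is not part of the original thread. It assumes the VPS uses iptables/ip6tables; the chain name `CF-WEB` is hypothetical, and the three ranges are sample entries only. It covers the firewall layer only; authenticated origin pull is configured separately in the web server.

```shell
#!/bin/sh
# Added example: print (not apply) iptables commands that allow ports 80/443
# only from a list of Cloudflare CIDRs and drop every other source.
# Assumption: the host firewall is iptables/ip6tables.

# Sample entries only. Load the current list Cloudflare publishes
# (https://www.cloudflare.com/ips-v4 and /ips-v6) instead of hardcoding it.
CF_RANGES_SAMPLE="173.245.48.0/20
103.21.244.0/22
2400:cb00::/32"

# gen_rules: read one CIDR per line on stdin, write commands to stdout.
gen_rules() {
    chain="CF-WEB"   # hypothetical chain name
    for bin in iptables ip6tables; do
        echo "$bin -N $chain"
    done
    while IFS= read -r cidr; do
        case "$cidr" in
            ''|\#*) continue ;;                      # blank line or comment
            *[!0-9a-fA-F:./]*)                       # anything but address chars
                echo "skipping malformed entry: $cidr" >&2 ;;
            *:*/*) echo "ip6tables -A $chain -s $cidr -j ACCEPT" ;;
            *.*/*) echo "iptables -A $chain -s $cidr -j ACCEPT" ;;
            *) echo "skipping malformed entry: $cidr" >&2 ;;
        esac
    done
    # The DROP goes last in the chain, and INPUT is hooked only after the
    # chain is fully populated, so web traffic is never dropped mid-load.
    for bin in iptables ip6tables; do
        echo "$bin -A $chain -j DROP"
        echo "$bin -I INPUT -p tcp -m multiport --dports 80,443 -j $chain"
    done
}

# Print the rule set for review before applying anything.
printf '%s\n' "$CF_RANGES_SAMPLE" | gen_rules
```

Only ports 80 and 443 are matched, so SSH and other services are left to the existing rules. Rejecting entries with unexpected characters matters if the output is ever piped to a shell.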
