IP Access Rules CIDR 17

Hi, I want to white list the IPs of hosting provider which in this case is Godaddy, and they have this range of ips
198.71.128.0 - 198.71.255.255
192.71.128.0/17
While interface accept /16 and /24 CIDRs, is there any way to go around or I have to enter 127 records one by one with /24 ?
Thank you in advance

While you cannot whitelist a /17 range using the IP Access Rules under Firewall > Tools, you can write Firewall Rules with the intended range using the “in” operator:

(ip.src in {198.71.128.0/17})

However, I’d strongly advise against using such broad range for any allow/whitelist action, unless you work for GoDaddy and this is some sort of website they need to setup.

Whitelisting this range would mean whitelisting all the thousands of GoDaddy-hosted websites that have their assigned IPs in that range, potentially including websites that have been (or may yet be) hacked! You would be opening the doors to welcome botnets that happens to include infected websites in the range you mentioned.

4 Likes

Thanks for your reply, I found it in my VPS and added automatically to CloudFlare when transferred domains and installed their plugin in CPanel, while in opposite CloudFlare added their ips to firewall on CPanel, so I tried to confirm the whitelisted of both, but if that is not recommended, do you recommend to remove them (Godaddy IPs from CloudFlare firewall)?

For the reasons I’ve already mentioned, yes.

You shouldn’t need to worry about whitelisting your origin server IP address, as this is done automatically by Cloudflare.

But I have found CloudFlare itself white listed the hosting provider ips, I just wanted to expand the range or their ips

Is your setup direct with Cloudflare or through a partner?

Apart from the automatic whitelisting mentioned in the article I posted above, I’m not aware of any other way CF would add a whitelist to your account’s firewall.

Anyway, what would be your intention in expanding that list you’ve found?

This topic was automatically closed after 31 days. New replies are no longer allowed.