IP Access Rules

Is there a way to list a strong of IP address - not ranges - in the IP access rules?
Maybe separated with a space or a semicolon?
We don;t want to have to enter 12 or so IP’s individually on every site that we have on CF.
Thanks for any pointers.

IP Accès Rules allow per account configurations.

Also, take a look at IP Lists. They work with Firewall Rules.

Thanks, Matteo.

We have no problem entering them on each of our sites, so that is not an issue.
What we’re looking for is to be able to past a list of allowed IP’s one time per site instead of having to do them individually per site.
For instance, we need to whitelist these Ips so that they never get blocked:

We need to add those to every site we have on CF. As far as I can see, I have to make 11 allow rules, one by one per site.

Is there a faster way?

If all the zones are in the same account you can do it easily from the IP Access Rules. You do need to do 11 rules, though.

You can either chose to paste them in once in IP Lists and then make Firewall Rules in each zone or use IP Access Rules making 11 rules once for all the account zones.

PS: I wouldn’t post the IPs publicly here.

We’ve got maybe 50 sites in our account.
If I’m following you correctly, I should be able to add the 11 rules to our main account - somewhere - and they will apply to all of our sites. Correct?
Or is every site a zone and we’d have to manually enter/create 11 rules for every site?

Correct. Add them to one zone at random with that option.

Every site is a zone, but they are in a single account. Those rules are per zone or per account.

I have added those 11 rules in one of the sites in our CF account and chose “all sites” on the rules for each of the 11 entries on one of the sites.
So, this means that even though I entered the rules on one site/zone, it will apply to ALL 40 or so of our sites in our account. Correct?
If so, we’re all good then.
But why do we have to do it inside of one account/zone? Is there an option to do it OUTSIDE of a site/zone? Just doesn’t seem logical to have to do it “inside” of a site/zone to apply to everything else outside of that site/zone.

Correct, you should see them in all zones.

Because they don’t have account wide settings anywhere else and IP Access Rules aren’t actively upgraded any longer as they are moving the same functionality to Firewall Rules. They won’t redesign them.

You’re right. It doesn’t make sense. It’s the only setting I can think of that works this way: applying across all zones. It’s good, and bad. Mostly bad, as it doesn’t make sense in the overall scheme and it can unintentionally interfere with your other zones… There are no exclusions if you select All.

I have a feeling this part will go away, in favor of the new Firewall Rules. At this point, I think I’m going to have to get better at API scripting to trigger changes across all my zones, or more selective scripting to apply to a subset of zones.

1 Like

Thanks for the assistance @matteo
I did check the other sites/zones in our account and the firewall rules under tools are indeed there.

1 Like

@sdayman - real confusing for a novice/beginner. We’ve been in the web business for 20+ years and it’s a little confusing for even us, but does make sense when it’s fully explained out.
We needed to allow those 11 IPs for monitoring and optimization services that we use on our sites.
We’ll see how this works going forward.

1 Like