Ip htaccess restriction issue

Hello. I have problem with ip filter on apache server.
If you try to enable the IP restriction on the apache server on the bmw-sto.ru site, the server fails and access to the site stops. Technical support for hosting the site refused to solve the problem, citing cloudFlare
The rule I tried to activate in htaccess:

ограничение входа на вебсервер по IP только с IP cloudFlare

Require ip 103.21.244.0/22 Require ip 103.22.200.0/22 Require ip 103.31.4.0/22 Require ip 104.16.0.0/13 Require ip 104.24.0.0/14 Require ip 108.162.192.0/18 Require ip 131.0.72.0/22 Require ip 141.101.64.0/18 Require ip 162.158.0.0/15 Require ip 172.64.0.0/13 Require ip 173.245.48.0/20 Require ip 188.114.96.0/20 Require ip 190.93.240.0/20 Require ip 197.234.240.0/22 Require ip 198.41.128.0/17 Require ip 2400:cb00::/32 Require ip 2606:4700::/32 Require ip 2803:f800::/32 Require ip 2405:b500::/32 Require ip 2405:8100::/32 Require ip 2a06:98c0::/29 Require ip 2c0f:f248::/32 #конец кода с правилом ограничения IP с cloudFlare

An apache server error occurred on the nested screenshot
At the moment, I’ve turned off this rule in htaccess to keep the site running
Apparently, real IP addresses of clients come to hosting the site instead of IP addresses of cloudFlare. Why does this happen and how to fix it?

If your server is Restoring Visitor IP Addresses, which many good ones are, then .htaccess is only going to see the actual Visitor IP, and not Cloudflare IP addresses, so it looks like you’re blocking everything. Again, that’s if your server is properly restoring Visitor IP addresses. You should be able to notice this happening (or not) by looking at your site’s server logs.

Yes. That’s what happens. How to fix it? How do I make sure that the server does not recover real IP addresses, but receives only IP cloudflare addresses?

There’s a better approach. Have .htaccess look for either a regular Cloudflare header, or add your own with a Transform Rule, and check for that.

1 Like

I have done rewrite rule in order to remove real IP visitors from the sent data from the cloudFlare to the web server. It is this way that suits me most.
But despite this, the problem still remained. The apache web server still blocks access to the site. The rewrite rule I added in the screenshot in the attachment

Header Rules modify the request received to Cloudflare. Your Rule will not remove the header that Cloudflare add to the requests sent to your origin.

In your Apache logs, do you see the users IP address, or a Cloudflare IP address?

Are you trying to restrict access by end users coming via Cloudflare, or are you trying to ensure that only Cloudflare can connect to your Origin?

1 Like

In apache access logs, I see real IP users. I am trying to limit/block direct inputs to the source server bypassing cloudFlare. I need to allow users to log on to the source server only through cloudFlare

How do you do that?

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.