Is it possible to whitelist CF addresses without doing all

We have customers throughout the country and international some of them want to whitelist our CF addresses by IP in their firewalls.
In the past we had a single barracuda waf/LB so that was no problem

But with CF there are too many addresses .

Is there some way to do it.

Do you mean the CF IP address for connecting to your site? There are only four IP addresses for public connections: Two for IPv4, and two for IPv6.

1 Like

From my understanding, I would send them the below link so they could whitelist Cloudflare IP ranges, if so:

But, would referr to as @sdayman already mentioned, usually two IPv4 and IPv6 for a website if that is all about?

It is a school and their firewalls oy allow white listing by IP

Following are not our real ones
For our url www.example.com we have
104.17.25.88
104.17.31.58
As are CF addresses. Our tech guys say those are different for every part of the USA and elsewhere. Are they mistaken?

I’m pretty sure they are mistaken. Cloudflare uses Anycast, so it’s the same IP address all over the world, but directed to the closest data center.

You can confirm this at dnschecker.org

But will those addresses change at any time or are they static until we leave CF

They very rarely change. If you change plan levels here, they’ll change. And Cloudflare occasionally changes infrastructure, but that’s at most a couple of years apart.

That’s really your only choice, but you could certainly write a script to keep an eye on IP address changes. There might even be services out there that do this.

1 Like

There are two ways I know of.

You can use BYOIP. One of the BYOIP use cases is explicitly because your existing range is whitelisted in places like your customers firewalls.

On an Enterprise plan you can request dedicated IP addresses.

But they do change. If your customers will suddenly loose access it is a terrible customer experience. When the addresses change it is without any notice, so until every customer updates their firewall you have an outage.

If the first two options are not suitable for you, then the only viable option for your customers is to whitelist all the Cloudflare IP addresses.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.