Limit site access to a certain set of IPs

Hi All,

I was wondering if someone could quickly help me. I am looking for how to configure a quick firewall rule to limit all traffic to one of my subdomains to only a certain set of IP addresses. This is for a dev site I only want people of the company accessing not the whole world. So for example I only want to allow our public IPs to access dev.mysite.com. I have the DNS entry already in and it is proxied I just need some help as to how to configure the firewall rule just for this one site.

Thanks,

Hi @csorel,

I think it’s something like this that you are after:

This checks the hostname and will block any IPs that you don’t specify there.

Note that if someone has your server IP, they could bypass Cloudflare and access the site directly if you don’t limit access to Cloudflare IPs.

Teams Access is another approach, and it doesn’t depend on IP addresses (but can include them as well). You can create an “Application” that limits Access to a specific set of Email addresses by emailing a login code. Those email addresses can be an entire @domain, or specific addresses. This is an “Allow” policy. A “Bypass” policy could use those IP addresses to not even ask for a login code. I do this for when I’m at home, but on the road I use email authentication.

https://developers.cloudflare.com/cloudflare-one/applications/configure-apps/self-hosted-apps

Like @domjh mentioned, if someone bypasses the Cloudflare proxy, they can bypass this Access approach as well.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.