Mod_cloudflare and whitelisting CF IPs


#1

Greetings Cloudflare Community,

I am trying to use htaccess to block all traffic except that routed through CloudFlare. I found instructions showing …
order deny,allow
deny from all
allow from 103.21.244.0/22
(and so on - allow from all CF IPs)
However, my server is configured to see the visitor’s IP, not the CF IP, so that my visitor analytics make sense. But, as a side effect, all visitors are blocked by my changes to htaccess.
Is there a way to both track visits by visitor IP and also allow only access to CloudFlare-routed traffic? I’ve googled my fingers blue and cannot find a solution. Thanks in advance for your knowledgeable and kind advice.


#2

I used this in .htaccess:

RewriteEngine On 
RewriteCond %{HTTP:CF-IPCountry} ^$
RewriteRule ^ - [F,L]

Just make sure you have IP Geolocation enabled. This rule looks for the Cloudflare Country header. If it’s not there, then block the request. People bypassing Cloudflare won’t have this header.


Cloudfare doesn't protect all my sub-domains :/
#3

Thank you sdayman! I will give it a try.


#4

It works! You’re brilliant.