Only allow Cloudflare traffic with mod_remoteip (like DenyAllButCloudflare from mod_cloudflare)


For people using Apache web server, Cloudflare now recommends to use mod_remoteip since mod_cloudflare is not supported anymore:

But is there a way to have the same functionality as the directive DenyAllButCloudflare from mod_cloudflare when using mod_remoteip?
I would like to block access to users who try to bypass Cloudflare reverse proxy (e.g. accessing my web server directly by guessing the IP address). It looks like iptables is not a solution since I still want to host some websites without Cloudflare.


Note: I think there are errors in the Cloudflare article, it is written that RemoteIPHeader CF-Connecting-IP should be added to /etc/apache2/sites-available/000-default.conf but it was not needed since it is already added to /etc/apache2/conf-available/remoteip.conf.
And to enable the configuration /etc/apache2/conf-available/remoteip.conf, the article forgot to mention how to enable it, for example with the command a2enconf remoteip on Debian Linux.

This topic was automatically closed after 30 days. New replies are no longer allowed.