Problem with page rules

Website, Application, Performance Getting Started
1

Hello Everyone,

We need some help with pagerules as we are unable to configure them as per our requirements. We will really appreciate if someone can help us out here…

We have our website which now has Cloudflare and Railgun enabled.

Everything is working perfect just as it should be.

Now we have a folder under our website, lets assume https://www.example.com/dummy/ which has restricted access based on IP authentication, configured in .htaccess of dummy folder. Which means the folder is inaccessible for outside world, except for those IP’s which are allowed using the variable “allow from” in .htaccess

Now when Cloudflare is enabled, we cannot access above folder from our IP which is already alllowed in .htaccess.

We have tried to configure page rules to skip that folder, but no luck. Please find the screen shot of those rules:

31
31950×110 18.4 KB

Can someone please help us what we are doing wrong?

Just some more information… we have configured the rule on https:://www.example.com/dummy/*

Thank you for your suggestions and help in advance.!!

2

Are you sure you are rewriting the IP addresses so that the actual client addresses show up for the rules and log files?

3

Thank you for such a lighting fast reply… I am unsure what you mean here…

Could you please explain?

When Cloudflare is disabled, if we access that folder from our authenticated IP (in .htaccess), we can access it fine. For rest of the world, the folder would give forbidden access denied error.

However with Cloudflare enabled, even we get the same forbidden access denied error.

4

With Cloudflare everything is typically (unless the records are :grey:) tunnelled through their servers, which means all requests arrive at your server with Cloudflare IP addresses. Cloudflare provides the original IP address in an HTTP header, however you need to rewrite the value of the connecting IP address (on the IP level) to that header in the server. With Apache you’d be using mod_remoteip for that.

Are you doing this?

1 Like
5

Thank you. You have been very helpful. I enabled mod_remoteip on server. However, I am struggling to add rewrite rules to rewrite the value of connecting IP to that as seen in header of server.

Tried googling, but cannot find much related information. Could you please kindly guide me with these rules. Any thread / url’s for reference purpose will do.

Thanks again.

6

There are no rewrite rules - as in mod_rewrite - involved but only mod_remoteip’s configuration

https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html

RemoteIPHeader CF-Connecting-IP

should do the trick

and you should also add

RemoteIPTrustedProxy 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 104.16.0.0/12 108.162.192.0/18 131.0.72.0/22 141.101.64.0/18 162.158.0.0/15 172.64.0.0/13 173.245.48.0/20 188.114.96.0/20 190.93.240.0/20 197.234.240.0/22 198.41.128.0/17
2 Likes
7

please ignore my reply… I am back to square one with same problem. I will investigate this further.

8

you have extra colon : in your address https::// so probably not matching the page rule you intended

9

Well that was just an example… so that extra colon can be ignored.

10

Do the right IP addresses show up now?

11

This topic was automatically closed after 31 days. New replies are no longer allowed.