Problems Using htaccess To Prevent Cloudflare Bypass When Using Cache Bypass Page Rules


#1

Hi folks,

I am trying to prevent bad actors bypassing the Cloudflare servers and directly accessing the origin server IP. I added the following Cloudflare IPs to my htaccess:

Require ip 103.21.244.0/22
Require ip 103.22.200.0/22
Require ip 103.31.4.0/22
Require ip 104.16.0.0/12
Require ip 108.162.192.0/18
Require ip 131.0.72.0/22
Require ip 141.101.64.0/18
Require ip 162.158.0.0/15
Require ip 172.64.0.0/13
Require ip 173.245.48.0/20
Require ip 188.114.96.0/20
Require ip 190.93.240.0/20
Require ip 197.234.240.0/22
Require ip 198.41.128.0/17
Require ip 2400:cb00::/32
Require ip 2405:b500::/32
Require ip 2606:4700::/32
Require ip 2803:f800::/32
Require ip 2c0f:f248::/32
Require ip 2a06:98c0::/29

The problem with the above is that it causes problems with page rules that contain Bypass Cache. With bypass cache enabled, Cloudflare passes through the visitor’s IP address to my origin server (rather than a Cloudflare IP) and htaccess then blocks the visitor from viewing the webpage.
Does anyone have any workarounds or solutions to this?
I am on a Cloudflare Pro plan.


#2

This needs to be done at a firewall level, either on your server, or upstream.

What I did for .htaccess was check for the Country header, but make sure Geolocation is enabled in the Cloudflare dashboard:

RewriteEngine On 
RewriteCond %{HTTP:CF-IPCountry} ^$
RewriteRule ^ - [F,L]

#3

That worked like a charm! Thank you!
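
Post #2's advice to filter at the firewall level, shown as an added example that is not part of the original thread: a script that prints iptables/ip6tables rules admitting web traffic only from the ranges listed in post #1. The use of iptables, the chain name `CF-ORIGIN` and ports 80 and 443 are assumptions; the ranges are the thread's copy and should be checked against Cloudflare's current published list.

```shell
#!/bin/sh
# Added example: print (do not apply) firewall rules that admit HTTP(S)
# only from the Cloudflare ranges quoted in post #1 of this thread.
# The thread's copy of the list may be out of date; refresh it before use.
CF_RANGES='103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 104.16.0.0/12
108.162.192.0/18 131.0.72.0/22 141.101.64.0/18 162.158.0.0/15
172.64.0.0/13 173.245.48.0/20 188.114.96.0/20 190.93.240.0/20
197.234.240.0/22 198.41.128.0/17 2400:cb00::/32 2405:b500::/32
2606:4700::/32 2803:f800::/32 2c0f:f248::/32 2a06:98c0::/29'

CHAIN='CF-ORIGIN'   # hypothetical chain name (assumption)
PORTS='80,443'      # assumed web ports on the origin

# Choose the tool for a CIDR: anything containing ':' is IPv6.
tool_for() {
    case "$1" in
        *:*) echo ip6tables ;;
        *)   echo iptables ;;
    esac
}

# Print the rule set for a whitespace-separated list of CIDRs.
emit_rules() {
    for t in iptables ip6tables; do
        echo "$t -N $CHAIN"
    done
    for cidr in $1; do
        # Only address/prefix built from hex digits, ':', '.' and one '/'
        # may reach a rule, since the output is meant to be run by a shell.
        ok=yes
        case "$cidr" in
            *[!0-9a-fA-F:./]* | */*/*) ok=no ;;
            */*) ;;
            *) ok=no ;;
        esac
        if [ "$ok" = no ]; then
            echo "skipping malformed entry: $cidr" >&2
            continue
        fi
        echo "$(tool_for "$cidr") -A $CHAIN -s $cidr -j ACCEPT"
    done
    for t in iptables ip6tables; do
        echo "$t -A $CHAIN -j DROP"
        echo "$t -I INPUT -p tcp -m multiport --dports $PORTS -j $CHAIN"
    done
}

emit_rules "$CF_RANGES"
```

The firewall matches the source address of the TCP connection itself, so the result does not depend on which client IP Apache sees afterwards. Review the printed rules before running them as root.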