Proxy DNS and application allow lists

Hi All,

We have an application we developed that has an API. The API only allows connections from a specific IP, which is a server that does API user authentication.

Because of this, if we proxy the DNS to make use of DDoS protection and the other advantages of proxying DNS, the API won’t work, because the authenticator server IP “changes” from the perspective of the receiving API machines.

Could Cloudflare Spectrum or some other tool or setup configuration get around this problem? I would really like to be able to use the DNS proxy tools.

Thank you!
Richard

It does not sound like Spectrum is required, unless your API is not HTTP-based.

If your web server is behind Cloudflare, you can:

  1. Change the firewall on the webserver to allow only Cloudflare IPs https://www.cloudflare.com/ips/
  2. Change your application server to restore the original visitor IP

You can also:

  3. Use the Cloudflare firewall to restrict access to the limited set of IPs for your clients.
  4. Use Cloudflare Access with Service Tokens to authenticate the endpoints
  5. Use Cloudflare Access with an IP based bypass list

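Steps 1 and 2 of the reply above combined into one check, as an added example that is not part of the original posts: the `CF-Connecting-IP` header is trusted only when the TCP peer is inside the proxy ranges, and the restored address is then matched against the API allow list. The proxy ranges and the allow-listed address are constructed placeholders (the real ranges are published at https://www.cloudflare.com/ips/), and the function names are hypothetical.

```python
import ipaddress

# Placeholder proxy ranges (constructed documentation prefixes). In a real
# deployment, load the list published at https://www.cloudflare.com/ips/.
PROXY_RANGES = [ipaddress.ip_network(n)
                for n in ("198.51.100.0/24", "2001:db8:cf::/48")]

# Constructed address standing in for the authentication server.
ALLOWED_CLIENTS = {ipaddress.ip_address("203.0.113.10")}


def restore_client_ip(peer_ip, headers):
    """Return the original client address, or None if it cannot be trusted."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in PROXY_RANGES):
        # The connection did not come through the proxy, so any
        # CF-Connecting-IP header was set by the sender. Reject it.
        return None
    # Header names are case-insensitive; normalise before the lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    value = lowered.get("cf-connecting-ip", "").strip()
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        # Header missing or not a single valid address.
        return None


def is_allowed(peer_ip, headers):
    """Apply the API allow list to the restored client address."""
    client = restore_client_ip(peer_ip, headers)
    return client is not None and client in ALLOWED_CLIENTS


if __name__ == "__main__":
    # Constructed requests: (TCP peer address, request headers).
    samples = [
        ("198.51.100.7", {"CF-Connecting-IP": "203.0.113.10"}),  # via proxy
        ("203.0.113.99", {"CF-Connecting-IP": "203.0.113.10"}),  # direct, forged header
        ("198.51.100.7", {"CF-Connecting-IP": "203.0.113.50"}),  # via proxy, other client
    ]
    for peer, hdrs in samples:
        print(peer, hdrs, "->", "allow" if is_allowed(peer, hdrs) else "deny")
```

The second sample shows why the origin firewall rule in step 1 matters: without the peer check, anyone who can reach the origin directly can claim the allow-listed address in the header.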
