Restrict which CF IPs the proxy can use

We are looking to restrict which IP ranges the proxy will use getting to our server. The issue we are trying to resolve is, right now some of CF ranges are registered in other countries, some of the countries we currently block at our company firewall so we end up blocking legitimate traffic coming from CF because the IP range is registered to a country other than US. The range 162.158.0.0/15 shows that it is from Germany on some GEO location lists.

Not possible. You can block based on visitor’s country on our edge (using Firewall rules) if your security team deems that visitors residing in Germany are verboten.

1 Like

It sounds like your firewall limits access from non-US address ranges. But you don’t want to block legitimate traffic.

Would it be acceptable to whitelist Cloudflare’s IP ranges, then use Cloudflare firewall rules to block access by non-US visitors?

1 Like

ok, thanks! I will try and see what our firewall can do about the whitelist option.
Thanks again!

1 Like