Restricting access by IP address

I have a 4 server web application which has 3 servers open to public and 1 server providing resources to the other 3. Currenlty the 1 resource server is restricting access by IP address to only the other 3 servers.

With Cloudflare proxy, IP address don’t seem to be available for access restrictions.
How can I implement access restrictions to the resource server so that only the other 3 servers can be allowed to retrieve data from the resource server?

Without knowing more about your infrastructure, I would say exactly the way you are today. The IP addresses of your servers haven’t changed, if they are requesting information from the ‘resource’ server their requests will come from their actual IP address, not the IP address of Cloudflare’s edge.

I am using nginx configuration to allow IPs and restrict all others as follows:

server{

 server_name resourceserver.com;
 location / {
      proxy_pass http://unix:/home/flask/resource/getresource.sock;

allow 123.111.2.112;
allow 123.111.2.113;
allow 123.111.2.114;
deny all;

}

Since I started using Cloudflare nameservers, the restrictions stopped working.
currenlty all traffic is ristricted. the server IPs are correct but the resource server is not seeing the IPs any longer and is restricting all 3 servers.
how can I resolve this with Cloudflare?

Make sure the 4th server isn’t orange clouded on Cloudflare and/or that your 3 other servers have a way to resolve it to its correct IP address

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.