Restricting host to cloudflare Ips - giving issue

Hi,
I am very new to Cloudflare, and I am only just getting set up.
I have configured my DNS name to point to an AWS instance. I have attached a security group to this instance to accept traffic from the Cloudflare IPs. However, some clients are getting a closed connection error. If I include a security rule which accepts all traffic on port 443 , they can then access our application. However, this defeats the purpose of restricting traffic to only the Cloudflare IP’s.
I was wondering is there something I check in the security settings . Or something I can get the client to check to see how they are bypassing Cloudflare ?
Also, is there any way in the analysis tools to see what IP the clients request is coming from ?

Any help is appreciated.
Thanks

It sounds like those clients are attempting to connect directly to your server, rather than through Cloudflare. How long ago did you add the site to Cloudflare? (it can take up to 48 hours for full DNS propagation).

Hi sdayman,
Thanks for getting back to me so quickly. We set this up 2 days ago, so I was hoping it would be ok today, but the issue still persists.
All clients are using the same URL, which resolves to my AWS address, so I am not sure why it’s an issue for some, while others are connecting with no issue. Do you know is there anything else I could check / verify in the security / TLS / HTTPs settings in cloudflare ?

Thanks

It should not resolve to your AWS address if it’s a :orange: Proxied hostname.

Hi Sdayman,
Perhaps I have set something up incorrectly , but when I ping my URL I get the IP which is assigned to my AWS instance, not one of the 15 IP’s from Cloudflare - which is what I expected I would get, or have I misunderstood how this works ? (I am very new to this).
I set up my URL as a CNAME record. When I check on a DNS propagation site under CNAME’s nothing is returned, yet under A records I can see it resolving to my AWS IPs. I think I need to change something in my settings but I am not sure what

Roisin

Then something is wrong with the Configuration. When you ping your Domain that is behind Cloudflare you should get a Adress that belongs to Cloudflare. Are you sure that all records for the Website are :orange: ?

Normally your Domain root should Point to your AWS IP in your DNS Settings and must use the :orange: . You can then use a CName for www. to point to your Domain Root. But at least the Domain Root Entry must be an A Record with the :orange: Cloud

Like this:


1 Like

Thanks for your help oneandonlyjason & sdayman.
I got the issue resolved today - it was due to a listener configuration on my AWS instance.
Thanks anyway. R

1 Like

What was it in that configuration that was causing it to connect in a way that was being blocked?

Hi sdayman,
I had to add a redirect on my listeners for requests with a path which was \ ,
My URL is like root.example.com\AppName\LoginPage. Once I added the redirect for path = \ to go to the full path, everything was going to the right place after that. Thanks for your help,
R

1 Like