Use a list for WAF allowed/trusted IPs

At some point in the past, it seems like there was a way to create a list of IPs that we could then apply to the WAF to allow/trust. It’s been several years since we’ve visited this subject and now have a need to add about 40+ IPs to a site.
However, we cannot seem to find this option to bring a list of IPs into the IP access rules page. Is this maybe the wrong place now? We can see where our lists are and can make a list by importing a CSV.
Can anyone in the community help us out here by explaining how to add a list to trusted, etc. or how to accomplish this?
Thanks!

You first create a list here: https://dash.cloudflare.com/?to=/:account/configurations/lists

Then you can use that list in a WAF custom Rule here: https://dash.cloudflare.com/?to=/:account/:zone/security/waf/custom-rules

Thanks for the reply/support.

I can go to the Custom Rules and set up Field to be IP Source Address with Operator as In The List and Value to be the trusted list name, giving an expression of (ip.src in $trusted). The page then asks for The Take Action … In the dropdown options there isn’t an Allow, only a Skip plus the challenges and blocks. Since there isn’t an Allow option, would Skip be the correct choice here?

To me that would be if an IP, that is requesting access, is in the trusted list, it should be skipped. Would that effectively allow that/those IPs access to the site?

Yes, you want to use skip. Skip will bypass all other Custom Rules, so you should move your rule to the top of the list.

1 Like
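
A pre-import check for the trusted-IP CSV plus the Skip rule described in the replies above, as an added example that is not part of the original thread or Cloudflare's own code. The function names, the `MIN_PREFIX` policy and the sample rows are hypothetical, and the JSON field names are assumed from Cloudflare's Lists and Rulesets APIs, so confirm them against the current API documentation.

```python
import csv
import io
import ipaddress

# Constructed sample CSV (documentation-range addresses, not real ones).
SAMPLE_CSV = """\
ip,comment
198.51.100.7,office
198.51.100.7,office again
203.0.113.0/28,servers
10.1.2.3,internal host
0.0.0.0/0,everything
2001:db8::/48,ipv6 site
not-an-ip,typo
"""

# Assumed local policy, not a Cloudflare limit: widest prefix allowed per IP version.
MIN_PREFIX = {4: 24, 6: 48}
# Private/local ranges: a visitor arriving through Cloudflare will not have these as source.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]

def vet_trusted_csv(text):
    """Return (items, rejected) from CSV text with 'ip' and 'comment' columns."""
    items, rejected, seen = [], [], set()
    for row in csv.DictReader(io.StringIO(text)):
        raw = (row.get("ip") or "").strip()
        try:
            # strict=True also rejects entries with host bits set, e.g. 203.0.113.5/28
            net = ipaddress.ip_network(raw, strict=True)
        except ValueError:
            rejected.append((raw, "not a valid address or CIDR"))
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            rejected.append((raw, "prefix too broad for a skip rule"))
        elif any(net.overlaps(n) for n in NON_ROUTABLE):
            rejected.append((raw, "private or local range"))
        elif net in seen:
            rejected.append((raw, "duplicate"))
        else:
            seen.add(net)
            ip = str(net.network_address) if net.num_addresses == 1 else str(net)
            items.append({"ip": ip, "comment": (row.get("comment") or "").strip()})
    return items, rejected

def skip_rule(list_name):
    """Custom rule from the thread: Skip when the source IP is in the list."""
    return {"description": "Skip custom rules for trusted IPs",
            "expression": f"(ip.src in ${list_name})",
            "action": "skip",
            "action_parameters": {"ruleset": "current"}}
```

Review the `rejected` entries before importing: a single over-broad prefix in a list referenced by a Skip rule exempts every address in it from the remaining custom rules.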

Sorry for the late reply.
There aren’t any other custom rules on the domain. Only the IP access rules that are manually entered. These are actually ‘inherited’ from a single site on the account and include all the server and our office IPs.
Just wanting to make sure there aren’t any issues running the Custom Rules (from the list) along with the IP Access Rules from the Tools option. We do have the master trusted IP lists that could be combined with the custom rules list for this site and turning off the IP Access Rules since they would be under the Custom Rules list for this domain.
