I wanted to ask if anyone knows how I can, when I forward ports on my firewall, open to specific Cloudflare addresses and then actually make the proxy the only gateway to the port.
Today my problem is that a proxy is also activated but it is not hermetic because whoever tries to log in with the IP will have the option
And if there is such a situation, which cloudflare IP addresses should I allow?
I will be happy to hear
You would usually set up the firewall on your origin server to allow only Cloudflare IP addresses to access port 443 (redirect to HTTPS using Cloudlfare so you don’t need to handle port 80 and redirects on your origin).
The list of Cloudflare IP addresses is here…
After that, consider authenticated origin pulls to make sure those Cloudflare requests come only from your proxied domains…
Thank you very much
Can you direct me how I can use this method (of proxy, and opening in the firewall for addresses) also in other ports such as VPN and RDP?
Setting up the firewall depends on your router or server, you can Google for that as it’s out of scope for this site. Note that Cloudflare can only proxy for HTTP/HTTPS (*) and only on specific ports so VPN and RDP will need to go direct to your public IP. (**)
(*) Enterprise accounts with Spectrum being the exception.
(**) Cloudflare zero trust tunnel with WARP could replace these.
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.