Whitelisting IP's


#1

Hi I am using Cloudways as my host. Anyone have any ideas how I can whitelist Cloudflare Ip’s on Cloudways?

There are 2 options on Cloudways to Whitelist Ip’s: I can whitelist the IPs on SSH/SFTP or My SQL.
Now, which category should I put the Cloudflare Ips in?
Should I list them under SSH/SFTP or My SQL or both?

I am getting different answers from Cloudways and Cloudflare. So, not sure what to do.
Can anyone pls shed light on this matter. Thanks !


#2

I’m not sure why you would whitelist CF’s IP’s on either. Unless you’re an Enterprise customer, CF only proxies 80, 443, 8080 and 8443. If you try to connect to any of those protocols through the proxy, it will fail because CF’s nginx implementation doesn’t support it unless specifically configured by CF as part as an Enterprise deployment.

Besides, database connections should only be allowed by specific IP’s if they aren’t closed off to their local LAN entirely. I think the better budget solution is to get a VPN with a dedicated static IP, and whitelist that.


#3

I guess Cloudways restricted access to those ports by default.

Like @mike8 wrote l, SSH, FTP and so on can’t be proxied through CloudFlare.

Basically you should

  • allow access for HTTP(S) from CloudFlare IPs only and deny all other
  • restrict access to SSH, FTP to only a few static IPs or set up a VPN
  • deny all external access to SQL unless it is really needed

in your Cloudways firewall settings.


#4

In Cloudways > Please check for Server settings > There is a option to enable “Cloudflare”.


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.