Whitelisting not working correctly with AWS EC2

Hi all - I’m new to Cloudflare and I’m trying to lock down my setup. My site is hosted on a single AWS EC2 instance running in the default VPC. I’ve already transferred my DNS zone to Cloudflare and everything seems to be working just fine. I’m seeing lots of traffic hitting the server from Cloudflare IPs.

Now as a next step, I’m trying to lock down traffic to my EC2 instance such that only Cloudflare’s IPs are allowed. I created a Security Group and populated all the IPv4 and v6 addresses for Cloudflare, for both HTTP and HTTPS protocols, and attached it to my EC2 instance. I also removed the old security group that allowed anyone on the internet to hit my site.

As soon as I do this, I’m unable to reach the site. It takes a long time to resolve and eventually ends in a blank white screen.

Any tips/hints as to what I’m doing wrong here? Perhaps it’s a caching issue or something else I’m not seeing or I’m not familiar with? Thanks in advance for any help.
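Added example (not part of the original thread, and not Cloudflare’s or AWS’s own code): a small audit script for the setup described above. It takes a Cloudflare range list and a security group’s inbound rules in the `IpPermissions` shape that `aws ec2 describe-security-groups` returns, and reports (a) every Cloudflare range that is not covered on 80 or 443, and (b) any leftover any-source rule (`0.0.0.0/0` or `::/0`) on those ports, which is the check that confirms the old open group is really gone. The ranges and rules below are constructed samples using documentation prefixes; in practice the live list comes from https://www.cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6 (one CIDR per line), and the rules from the describe call.

```python
"""Audit an EC2 security group's inbound rules against a Cloudflare IP allowlist.

Hypothetical helper written for this thread. Rule dictionaries follow the
IpPermissions structure returned by `aws ec2 describe-security-groups`.
"""
import ipaddress
import json

# Constructed stand-in for Cloudflare's published ranges (documentation
# prefixes, not real Cloudflare addresses). Replace with the parsed lines of
# https://www.cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6.
SAMPLE_CLOUDFLARE_RANGES = [
    "192.0.2.0/24",
    "198.51.100.0/24",
    "203.0.113.0/25",
    "2001:db8:1::/48",
    "2001:db8:2::/48",
]

WEB_PORTS = (80, 443)

# Constructed sample group: port 80 is fully covered but still carries a
# leftover 0.0.0.0/0 rule; port 443 is missing one IPv4 and one IPv6 range.
SAMPLE_IP_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "192.0.2.0/24"}, {"CidrIp": "198.51.100.0/24"},
                  {"CidrIp": "203.0.113.0/24"}, {"CidrIp": "0.0.0.0/0"}],
     "Ipv6Ranges": [{"CidrIpv6": "2001:db8:1::/48"}, {"CidrIpv6": "2001:db8:2::/48"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "192.0.2.0/24"}, {"CidrIp": "198.51.100.0/24"}],
     "Ipv6Ranges": [{"CidrIpv6": "2001:db8:1::/48"}]},
]


def covers_port(perm, port):
    """True if this rule applies to TCP traffic on `port` ("-1" means all protocols/ports)."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def granted_networks(perm):
    """Yield every source network (v4 and v6) that a rule grants."""
    for r in perm.get("IpRanges", []):
        yield ipaddress.ip_network(r["CidrIp"])
    for r in perm.get("Ipv6Ranges", []):
        yield ipaddress.ip_network(r["CidrIpv6"])


def audit(cloudflare_ranges, ip_permissions, ports=WEB_PORTS):
    """Return {'missing': [(port, cidr)], 'any_source': [(port, cidr)]}.

    A Cloudflare range counts as covered on a port if some rule for that port
    grants a network of the same IP version that contains it.
    """
    wanted = [ipaddress.ip_network(c) for c in cloudflare_ranges]
    missing, any_source = [], []
    for port in ports:
        nets = [n for p in ip_permissions if covers_port(p, port) for n in granted_networks(p)]
        for n in nets:
            if n.prefixlen == 0:  # 0.0.0.0/0 or ::/0: the "anyone on the internet" rule
                any_source.append((port, str(n)))
        for want in wanted:
            if not any(want.version == n.version and want.subnet_of(n) for n in nets):
                missing.append((port, str(want)))
    return {"missing": missing, "any_source": any_source}


def ingress_for_gaps(gaps):
    """Build IpPermissions entries for the missing (port, cidr) pairs.

    The result can be passed as JSON to
    `aws ec2 authorize-security-group-ingress --group-id <sg-id> --ip-permissions ...`.
    """
    by_port = {}
    for port, cidr in gaps:
        entry = by_port.setdefault(port, {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
                                          "IpRanges": [], "Ipv6Ranges": []})
        if ipaddress.ip_network(cidr).version == 4:
            entry["IpRanges"].append({"CidrIp": cidr})
        else:
            entry["Ipv6Ranges"].append({"CidrIpv6": cidr})
    return [by_port[p] for p in sorted(by_port)]


if __name__ == "__main__":
    report = audit(SAMPLE_CLOUDFLARE_RANGES, SAMPLE_IP_PERMISSIONS)
    print(json.dumps(report, indent=2))
    print(json.dumps(ingress_for_gaps(report["missing"]), indent=2))
```

On the sample data the report lists the two uncovered ranges on 443 and the stray `0.0.0.0/0` on 80; the `any_source` entries are the ones to revoke, and the `ingress_for_gaps` output is the JSON to authorize. Note what this check does not tell you: a security group allowlist only constrains traffic that actually arrives via Cloudflare, so it assumes the hostname’s DNS record is proxied through Cloudflare rather than pointing visitors straight at the instance.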

I’ve not used this setup, so…

Is there a log for that Security Group?

Out of curiosity, why would you need to add a Security Group to allow anyone on the Internet to hit your site? Does every EC2 need some sort of Security Group in order to allow traffic?

Hi @sdayman - yes, every EC2 instance by default isn’t accessible from the internet until you attach a security group allowing it. There isn’t any sort of Security Group logging unfortunately.


It looks like a few people have tried this:
https://duckduckgo.com/?q=ec2+Cloudflare+security+group

Thanks @sdayman. I did a google search before posting here. Doesn’t look like anyone has run into any specific issues like mine. Hoping someone around here can help!

