Whitelisting

Hi there, we must whitelist thousands of IPs. Is there any possibility to do it in a easy way(such as multiple listing in one time) instead of allowing them one by one by hand? It is very hard to do it in one by one way.

If it’s for Firewall Tools, you can use the API:
https://api.cloudflare.com/#account-level-firewall-access-rule-create-access-rule

2 Likes

There are lots of codes etc. and we do not know how to use CloudFlare API

What sort if IPs? I ask because if malicious raise your security level, if wanted, use a blacklist in Firewall Rules instead to define from where you want visitors & block the rest. If it’s Cloudflare’s IPs, open them as text as it shows here:

173.245.48.0/20
103.21.244.0/22
103.22.200.0/22
103.31.4.0/22
141.101.64.0/18
108.162.192.0/18
190.93.240.0/20
188.114.96.0/20
197.234.240.0/22
198.41.128.0/17
162.158.0.0/15
104.16.0.0/12
172.64.0.0/13
131.0.72.0/22

2400:cb00::/32
2606:4700::/32
2803:f800::/32
2405:b500::/32
2405:8100::/32
2a06:98c0::/29
2c0f:f248::/32

Expression to use:

(ip.src in {173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/12 172.64.0.0/13 131.0.72.0/22} and cf.threat_score lt 1 and ssl and ip.geoip.asnum eq 132892) or (ip.src in {2400:cb00::/32 2606:4700::/32 2803:f800::/32 2405:b500::/32 2405:8100::/32 2a06:98c0::/29 2c0f:f248::/32} and cf.threat_score lt 1 and ssl and ip.geoip.asnum eq 132892)

Here are screenshots:

Paste the Firewall Expression above into the Expression Builder to whitelist Cloudflare’s IPs, if it’s what you want.