Zone Lockdown: Add support for using IP Lists

Be awesome to be able to use the IP lists (Account > Configurations > Lists) instead of having to type in every possible IP address, when configuring Zone Lockdown entries.

This would reduce user error and generally simplify configuration.


Could creating a Firewall Rule for specific hostname like:

  1. If “Hostname” select “contains” operator and enter hostname like “sub.mydomain.com”
  2. Then select “and” operator
  3. If “IP Source Address” select “is in list” operator and choose the List

Or vice-versa, if hostname contains and IP source address “is not in list” → block everyone else except the ones you allow.

Could this help you in this case? Have you tried? :thinking:

Otherwise, I would suggest you to try out and use Cloudflare Access / Zero Trust :wink:
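The "hostname contains … and IP source address is not in list → block" rule from the reply above, modelled locally as an added example (not part of any post in this thread, and not Cloudflare's code). The list names, CIDR values and sample requests are constructed, and the expression in the comment assumes the `http.host` and `ip.src` fields of Cloudflare's rule expressions.

```python
import ipaddress

# Constructed stand-ins for account-level IP Lists (names and CIDRs are sample values).
IP_LISTS = {
    "internal_ip_ranges": ["203.0.113.0/24", "2001:db8:10::/48"],
    "monitoring_servers": ["198.51.100.7/32"],
}
ALLOWED = ("internal_ip_ranges", "monitoring_servers")

# Rule being modelled, written as a firewall expression with action "block":
#   http.host contains "sub.mydomain.com"
#   and not ip.src in $internal_ip_ranges and not ip.src in $monitoring_servers


def in_list(src_ip, list_name):
    """Model of `ip.src in $list_name`: is src_ip inside any CIDR of the list?"""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in ipaddress.ip_network(cidr) for cidr in IP_LISTS[list_name])


def action(host, src_ip, protected="sub.mydomain.com", operator="contains"):
    """Return "block" or "allow" for one request under the rule above."""
    host = host.lower()
    host_hit = protected in host if operator == "contains" else host == protected
    if host_hit and not any(in_list(src_ip, name) for name in ALLOWED):
        return "block"
    return "allow"


# Constructed requests: (Host header, source IP).
SAMPLES = [
    ("sub.mydomain.com", "203.0.113.40"),       # internal range
    ("sub.mydomain.com", "2001:db8:10::5"),     # internal range, IPv6
    ("sub.mydomain.com", "198.51.100.7"),       # monitoring server
    ("sub.mydomain.com", "192.0.2.99"),         # not in any list
    ("www.mydomain.com", "192.0.2.99"),         # host not covered by the rule
    ("othersub.mydomain.com", "192.0.2.99"),    # substring match under "contains"
]

if __name__ == "__main__":
    for host, ip in SAMPLES:
        print(f"{host:24} {ip:16} contains={action(host, ip)} "
              f"equals={action(host, ip, operator='equals')}")
```

The last sample shows that "contains" also applies the block to any hostname that merely embeds the string, which an exact match would leave alone.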

Thanks for the reply, Fritix.

We’re currently using Firewall rules, and we can certainly build up a complex rule to do it – but Zone Lockdown has a certain ‘elegance’ to it – allowing you to specify a list of domains, URL-paths, etc easily … which is more suited to our web developers wanting to push out something pre-release to production, and temporarily restrict it.

But getting the right list of ~20 IP CIDRs into the rule is cumbersome … versus being able to specify values like $internal_ip_ranges and $monitoring_servers (correlating to defined Lists). I expect Cloudflare could make this easy in the UI, with the lists being selectable, so you don’t have to find the codes.

I’d speculate that Zone Lockdown would be largely used to restrict access to “your own IP ranges” … so would be handy if that was easy to effect.

Ultimately, I’m looking for a way to make a feature-request to Cloudflare – and assumed this forum was the best approach. If there’s a better place to do it, please point me in the right direction.
