3

Original question title: "Allow only cloudflare access to my website and block all visits, bots or crawlers to my IP address"

I have a question. I use Cloudflare DNS on my domain. My VPS is 30.xxx.xxx.xxx.xx, port 4490.

My VPS IP was filtered by crawler web pages, and I am getting bots hitting my server.

I am thinking of buying a new VPS and adding protection that only allows Cloudflare and denies all other IPs.

I was reading the Cloudflare documentation.

They recommend these options for adding iptables rules on my server:

Allow only Cloudflare:

https://developers.cloudflare.com/fundamentals/get-started/setup/allow-cloudflare-ip-addresses/#allowlist-cloudflare-ip-addresses

Deny everything else:

https://developers.cloudflare.com/fundamentals/get-started/setup/allow-cloudflare-ip-addresses/#block-other-ip-addresses-recommended

iptables block:

https://www.linode.com/docs/guides/control-network-traffic-with-iptables/#block-or-allow-traffic-by-port-number-to-create-an-iptables-firewall

The question I have is: if I do these steps, will I have any problem accessing SSH through my IP?

What I care about is that I can access SSH, and that all visits are allowed only through Cloudflare; everything else related to the IP is blocked for visitors, bots or crawlers.

Razyit
  • 31

3 Answers

2

You need to add your own IP address to the allowed IP addresses.

Another alternative is to set up mutual TLS authentication, where anyone wishing to connect to your webserver needs to have a client certificate. https://developers.cloudflare.com/ssl/origin-configuration/authenticated-origin-pull/ tells how to implement this with Cloudflare.

Tero Kilkanen
  • 38,887
2

If you only allow certain specific entities and deny all other requests to your website, then an IP whitelist might help block any other unwanted visits to your site.

1

Script to add the required iptables and ip6tables rules while ensuring the Cloudflare IP ranges are allowed first:

https://ongoingtechnology.blogspot.com/2025/02/script-to-add-required-iptables-and.html

    #!/bin/bash

    # Allow Cloudflare IPv4 addresses.
    # -I inserts at the top of INPUT, so these ACCEPT rules always sit
    # ahead of the DROP rules appended (-A) at the end of the script.
    for ip in 173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 \
              141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 \
              197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/13 \
              104.24.0.0/14 172.64.0.0/13 131.0.72.0/22; do
        iptables -I INPUT -p tcp -m multiport --dports http,https -s "$ip" -j ACCEPT
    done

    # Allow Cloudflare IPv6 addresses
    for ip in 2400:cb00::/32 2606:4700::/32 2803:f800::/32 2405:b500::/32 \
              2405:8100::/32 2a06:98c0::/29 2c0f:f248::/32; do
        ip6tables -I INPUT -p tcp -m multiport --dports http,https -s "$ip" -j ACCEPT
    done

    # Block all other incoming HTTP and HTTPS traffic.
    # Only ports 80/443 are dropped here; SSH and other ports are left untouched.
    iptables -A INPUT -p tcp -m multiport --dports http,https -j DROP
    ip6tables -A INPUT -p tcp -m multiport --dports http,https -j DROP

    echo "Firewall rules applied: Allowed Cloudflare IPs, blocked others."
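The question is whether these rules will cut off SSH, and the first answer's point is that your own address has to be allowed explicitly. The script below is an added example, not code from the question or from any of the answers: it emits an iptables-restore ruleset with a default-DROP INPUT chain that admits SSH only from one admin address and the web ports only from the Cloudflare IPv4 ranges, and it includes a pure-shell CIDR check so the allowlist (and the admin address) can be verified before anything is loaded. The admin address 203.0.113.5, the port numbers, the file name cf-origin.sh and the function names are assumptions; the Cloudflare ranges are the ones listed in the answer above, which Cloudflare publishes at https://www.cloudflare.com/ips-v4. Unlike the script above, this one sets the chain policy to DROP, so every port that is not listed is closed, which is exactly why the SSH rule matters.

```shell
#!/bin/sh
# Added example, not from the original thread. Builds an iptables-restore
# ruleset: default-deny INPUT, SSH only from ADMIN_IP, HTTP/HTTPS only from
# Cloudflare's IPv4 edge ranges. IPv6 needs the same shape via ip6tables-restore
# with the ranges from https://www.cloudflare.com/ips-v6 (not covered here).

# Cloudflare IPv4 ranges as published at https://www.cloudflare.com/ips-v4,
# embedded so the script works offline; refresh from that URL before each use.
CF_V4="173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22
141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20
197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/13
104.24.0.0/14 172.64.0.0/13 131.0.72.0/22"

# ip_to_int A.B.C.D -> 32-bit integer (dotted-quad arithmetic, no external tools)
ip_to_int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# in_cidr IP NET/PREFIX -> exit 0 if IP lies inside NET/PREFIX
in_cidr() {
    ip=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# cloudflare_edge IP -> exit 0 if IP is in any published Cloudflare IPv4 range.
# Use it to sanity-check the list, and to catch the classic mistake of pasting
# the proxied address that `dig yourdomain` returns instead of your own IP.
cloudflare_edge() {
    for net in $CF_V4; do
        in_cidr "$1" "$net" && return 0
    done
    return 1
}

# build_ruleset ADMIN_IP SSH_PORT WEB_PORTS -> iptables-restore text on stdout.
# WEB_PORTS is a multiport list such as 80,443 (add the origin's custom port
# here if Cloudflare is configured to forward to one).
build_ruleset() {
    admin_ip=$1; ssh_port=$2; web_ports=$3
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT DROP [0:0]'      # default deny for everything not listed
    printf '%s\n' ':FORWARD DROP [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    # replies to the server's own connections, including the SSH session you are in
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # SSH from the admin address only: without this line the DROP policy locks you out
    printf '%s\n' "-A INPUT -s $admin_ip -p tcp --dport $ssh_port -j ACCEPT"
    # web ports from Cloudflare only; direct hits on the origin IP never reach the web server
    for net in $CF_V4; do
        printf '%s\n' "-A INPUT -s $net -p tcp -m multiport --dports $web_ports -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# Run directly to emit a ruleset, e.g.:  sh cf-origin.sh 203.0.113.5 22 80,443
# (the functions above can also be sourced without side effects)
if [ "$#" -eq 3 ]; then
    if cloudflare_edge "$1"; then
        echo "refusing: admin address $1 is inside a Cloudflare range" >&2
        exit 2
    fi
    build_ruleset "$1" "$2" "$3"
fi
```

Load the output with `iptables-restore` from a console or provider-side serial session rather than over SSH the first time, because a typo in the admin address is a lockout with this policy. The ESTABLISHED,RELATED rule keeps the current SSH session alive either way, but a new connection from the wrong address is dropped silently.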