Learn how to whitelist Cloudflare IP addresses and why whitelisting Cloudflare is recommended.
Changing your name servers to Cloudflare routes traffic through Cloudflare for any orange-clouded DNS records in the Cloudflare DNS app. Your origin web server receives traffic from Cloudflare IP addresses due to Cloudflare’s reverse proxy.
To avoid blocking Cloudflare IPs unintentionally, check that:
- Your origin web server iptables are set to trust Cloudflare IPs.
- Bad Behavior or mod_security plugins are up to date.
- Your htaccess file whitelist Cloudflare IPs.
- Any security plugins, such as WordPress security plugins, whitelist Cloudflare IPs.
Whitelist Cloudflare IP addresses
For Cloudflare to send visitor requests to your origin web server, whitelist Cloudflare IP addresses at your origin web server. Contact your hosting provider or website administrator for guidance.
Also, consult documentation for walkthroughs on using .htaccess or iptables to allow IP addresses. The following examples demonstrate the format of an iptables rule to allow a Cloudflare IP address range. Replace $ip below with one of the Cloudflare IP address ranges.
For IPv4 address ranges:
iptables -I INPUT -p tcp -m multiport --dports http,https -s $ip -j ACCEPT
For IPv6 address ranges:
ip6tables -I INPUT -p tcp -m multiport --dports http,https -s $ip -j ACCEPT
You may also consult the following resources for help in whitelisting Cloudflare IPs for these Wordpress plugins: