Whitelisting Cloudflare IP addresses

Learn how to whitelist Cloudflare IP addresses and why whitelisting Cloudflare is recommended.


Overview

Changing your name servers to Cloudflare routes traffic through Cloudflare for any orange-clouded DNS records in the Cloudflare DNS app. Your origin web server receives traffic from Cloudflare IP addresses due to Cloudflare’s reverse proxy.

Blocking or rate limiting Cloudflare connections prevents visitor traffic from reaching your website.

To avoid blocking Cloudflare IPs unintentionally, check that:

  • Your origin web server iptables are set to trust Cloudflare IPs.
  • Bad Behavior or mod_security plugins are up to date.
  • Your htaccess file whitelist Cloudflare IPs.
  • Any security plugins, such as WordPress security plugins, whitelist Cloudflare IPs.


Whitelist Cloudflare IP addresses

For Cloudflare to send visitor requests to your origin web server, whitelist Cloudflare IP addresses at your origin web server.  Contact your hosting provider or website administrator for guidance.  

Also, consult documentation for walkthroughs on using .htaccess or iptables to allow IP addresses.  The following examples demonstrate the format of an iptables rule to allow a Cloudflare IP address range.  Replace $ip below with one of the Cloudflare IP address ranges.

For IPv4 address ranges:

iptables -I INPUT -p tcp -m multiport --dports http,https -s $ip -j ACCEPT

For IPv6 address ranges:

ip6tables -I INPUT -p tcp -m multiport --dports http,https -s $ip -j ACCEPT

You may also consult the following resources for help in whitelisting Cloudflare IPs for these Wordpress plugins:


Related resources

Not finding what you need?

95% of questions can be answered using the search tool. This is the quickest way to get a response.

Powered by Zendesk