Configuring IP Access Rules

With the Cloudflare Firewall app, you can whitelist, block, and challenge visitors by IP address, country, or AS number. To whitelist or block a visitor:

  1. Log in to Cloudflare.
  2. Click on the Firewall app.
  3. Click on the Tools tab
  4. Add an entry to the IP Access Rules and select the action.

There are four possible actions:

  • Whitelist: Excludes visitors from all security checks (Browser Integrity Check, I'm Under Attack Mode, the WAF, etc). This is useful if a trusted visitor is blocked by security features. Whitelists take precedence over blocks. Whitelisting a country code does not prevent the request from bypassing the WAF.
  • JavaScript Challenge: Presents the I'm Under Attack Mode interstitial page to any visitors. I'm Under Attack mode requires JavaScript to be enabled for a visitor to proceed. This mode is useful for blocking DDoS attacks with minimal impact to visitors.
  • Challenge: Requires the user to complete a CAPTCHA in order to visit your site. This will prevent bots from accessing the site, but real humans can complete the CAPTCHA to proceed (including attackers).
  • Block: When a visitor is blocked, no CAPTCHA option is presented so there is no way for the visitor to access your site. The Block option is appropriate to use when you know, with a high level of certainty, that you do not want the IP address to visit your site.  

Types of access rules

There are several types of access rules that can be put in place:

Block Example(s)
IPv4 address.
IPv4 /24 range
IPv4 /16 range
IPv6 address. 2001:db8::
IPv6 address range. 2001:db8::/48, 2001:db8::/64
Country (by name or code) US, germany, tor, CN
ASN AS13335

Address Range Examples

CIDR (larger number = smaller block) Start of range (example) End of range (example) Number of addresses
/64 2001:db8:: 2001:db8:0000:0000:ffff:ffff:ffff:ffff 18,446,744,073,709,551,616
/48 2001:db8:: 2001:db8:0000:ffff:ffff:ffff:ffff:ffff 1,208,925,819,614,629,174,706,176
/32 2001:db8:: 2001:db8:ffff:ffff:ffff:ffff:ffff:ffff 79,228,162,514,264,337,593,543,950,336
/24 256
/16 65,536


Not finding what you need?

95% of questions can be answered using the search tool. This is the quickest way to get a response.

Powered by Zendesk