Why whitelist Cloudflare IP Addresses?
Cloudflare uses IP ranges for its servers to connect to the origin server that may be blocked due to firewall issues. These IP addresses are really important for the Anycast network to connect to the origin and distribute the traffic among Cloudflare edge servers.
These IP addresses are used by Cloudflare to connect to origin for a proxied DNS. This means that your visitors receive traffic from Cloudflare IP addresses and not from your origin server IP. Frequent connections to origin server by Cloudflare may get blocked due to rate limiting settings of server firewall. This hinder the ability of your application to be served over Cloudflare network and may result into errors as it is accessed over internet by your users.
How to whitelist Cloudflare IP Addresses?
In this post, we will guide you through the process to whitelist Cloudflare IP Addresses in cPanel, for which there are three possible options. Before that, get the list of Cloudflare IP Ranges ready from here.
1. Using .htaccess file
<Directory "absolute/path/to/dir">
<RequireAll>
Require not reject-ips "XXX.XXX.XXX.XXX YYY.YYY.YYY.YYY"
Require all granted
</RequireAll>
</Directory>
2. Using iptables
iptables -A INPUT -s XXX.XXX.XXX.XXX/24 -j ACCEPT
iptables -A INPUT -s YYY.YYY.YYY.YYY -j ACCEPT
3. Using Security & Firewall Configuration within cPanel
- Login as root user to your cPanel console.
- Access firewall configuration
- Enter the IP addresses one per line in the allow list/whitelist.
- Save the file.
cPanel can equipped with any known firewall plugin such as ConfigServer Security & Firewall for the purpose depending on the user choice. If you are using ConfigServer then edit the “csf” file from the firewall configuration within the plugin. You can find ConfigServer from the plugin list to whitelist Cloudflare IP addresses in cPanel control panel. This is however the easiest method to allow Cloudflare IP addresses in the origin server with cPanel.
Final Words
Now, you would be able to whitelist Cloudflare IP address in cPanel that could solve your problem of Cloudflare IPs being blocked by origin server or your web application inaccessible via Cloudflare proxy. Cloudflare may sometimes update the IP addresses so you would need to check at regular intervals for the updated list to avoid unwanted issues. Comment down if any issue…