
Cloudflare block direct ip access

beliar34 (Member)
If somebody is using Cloudflare and wants to block direct IP access to their webpage (allow only through Cloudflare):

```bash
# Source:
# https://www.cloudflare.com/ips
# https://support.cloudflare.com/hc/en-us/articles/200169166-How-do-I-whitelist-CloudFlare-s-IP-addresses-in-iptables-

# Accept HTTP/HTTPS only from Cloudflare's published IPv4 and IPv6 ranges
for i in $(curl -s https://www.cloudflare.com/ips-v4); do iptables -I INPUT -p tcp -m multiport --dports http,https -s "$i" -j ACCEPT; done
for i in $(curl -s https://www.cloudflare.com/ips-v6); do ip6tables -I INPUT -p tcp -m multiport --dports http,https -s "$i" -j ACCEPT; done

# Avoid racking up billing/attacks: drop every other source on the web ports
# WARNING: If you get attacked and CloudFlare drops you, your site(s) will be unreachable.
iptables -A INPUT -p tcp -m multiport --dports http,https -j DROP
ip6tables -A INPUT -p tcp -m multiport --dports http,https -j DROP
```

But remember, if you restart your machine iptables will probably flush, so you need to save those rules permanently.
There is a tutorial on how to do it: TUTORIAL

If you want to allow IPs other than Cloudflare to access the website directly, just do:

```bash
iptables -I INPUT -p tcp -m multiport --dports http,https -s IPADDRESS -j ACCEPT
ip6tables -I INPUT -p tcp -m multiport --dports http,https -s IPADDRESS -j ACCEPT
```
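The rules above are inserted straight into INPUT, which makes them awkward to refresh when Cloudflare republishes its ranges and easy to duplicate on re-runs. The script below is an added example (not from the post above) that keeps the allow-list in its own chain, prints the rules instead of running them, and lets you test an address against the ranges first; the ranges, the `ADMIN_IP` placeholder and the `CLOUDFLARE` chain name are assumptions, and it covers IPv4 only.

```bash
#!/bin/sh
# Added example, not from the original post: keep the Cloudflare allow-list in its
# own chain so it can be rebuilt when Cloudflare republishes its ranges, and test a
# source address against the ranges before touching the live firewall.
set -eu

# Constructed stand-in for `curl -s https://www.cloudflare.com/ips-v4`; replace
# with the live list (and repeat with ips-v6/ip6tables) in production.
CF_RANGES="192.0.2.0/24
198.51.100.0/24"
ADMIN_IP=${ADMIN_IP:-203.0.113.10}   # placeholder: your own address for direct access

ip_to_int() {                         # dotted quad -> 32-bit integer
  local IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

in_cidr() {                           # in_cidr IP CIDR -> true if IP is inside CIDR
  local net=${2%/*} bits=${2#*/}
  local mask=$(( bits == 0 ? 0 : (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
  [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

cf_allowed() {                        # true if IP falls in any listed Cloudflare range
  local r
  for r in $CF_RANGES; do in_cidr "$1" "$r" && return 0; done
  return 1
}

# Print (do not run) the rules. Re-running rebuilds only the CLOUDFLARE chain; the
# single hook in INPUT is added once thanks to the -C existence check. While the
# chain is being refilled, web traffic briefly falls through to the INPUT policy.
cf_rules() {
  local r
  echo 'iptables -N CLOUDFLARE 2>/dev/null || iptables -F CLOUDFLARE'
  for r in $CF_RANGES; do echo "iptables -A CLOUDFLARE -s $r -j ACCEPT"; done
  echo "iptables -A CLOUDFLARE -s $ADMIN_IP -j ACCEPT"
  echo 'iptables -A CLOUDFLARE -j DROP'
  echo 'iptables -C INPUT -p tcp -m multiport --dports http,https -j CLOUDFLARE 2>/dev/null ||' \
       'iptables -I INPUT -p tcp -m multiport --dports http,https -j CLOUDFLARE'
}

# Usage: sh cf-allow.sh --print | sudo sh
[ "${1:-}" = "--print" ] && cf_rules || true
```

Source the file and call `cf_allowed 198.51.100.7` to confirm an address matches before applying the printed rules.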
 
With either method, be aware that Cloudflare imposes a 'maximum execution time' of 100 seconds before displaying a 524 error (can be increased to 600 seconds for enterprise customers). This will prevent you from doing some things via admin panels unless patched to specifically handle this.

One notable example would be importing a large database via phpMyAdmin - if the upload & import process exceeds 100 seconds you'll get a 524 error. To get around this you can typically visit your admin panel by direct IP or a non-proxied record (assuming your site conf allows it), but that won't work with these methods; you'd need to get the database file yourself and import it by command line (which is typically recommended and much faster anyway).
 
```bash
iptables -I INPUT -p tcp -m multiport --dports http,https -s PRIVATEIPADDRESS -j ACCEPT
```

And you can access HTTP directly from your own network :)
 