How to allow only requests from Cloudflare

Hi, I am using CF to protect my web server.

Here is my setup:

request → Cloudflare → server → web server → wordpress

How can I let my web server only allow Cloudflare IPs?

Hi @shanglin52,

Create a new ipset using this URL as the data source:

https://www.cloudflare.com/ips-v4/#

Add a new Accept rule for ports 80,443 using the CLOUDFLARE IPset:

Once you have added the new rule, remove or pause the existing rule for ports 80,443.

1 Like

I have a problem downloading using the URL. Where I can find

For some reason, I can’t download with the URL. Where should I look to find the errors?

2023-11-17 22:02:01 v-add-firewall-ipset  'india' 'https://raw.githubusercontent.com/ipverse/rir-ip/master/country/in/ipv4-aggregated.txt' 'v4' 'yes' [Error 4]
2023-11-18 17:37:16 v-add-firewall-ipset  'CLOUDFLARE' 'https://www.cloudflare.com/ips-v4/#' 'v4' 'yes' [Error 4]

I think this and the 2FA problem you are having are the same: you can’t access external sites from your server. You should check your firewall rules and/or connectivity.

Yes, my DNS was the problem. I pointed my DNS to Cloudflare DNS and it works now. Thanks!

1 Like
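A pre-check for the ipset step discussed above, as an added example that is not part of the original thread: it validates a downloaded IPv4 CIDR list and emits `ipset restore` lines only if every entry is well-formed and the list is non-empty, so a failed download (as in the `Error 4` log) cannot turn into an empty allow-list once the existing 80,443 rule is removed. The function names `is_ipv4_cidr` and `cidr_list_to_ipset` are hypothetical, and the sample ranges are constructed documentation networks, not Cloudflare's.

```shell
# Added example, not from the thread; names are hypothetical, sample data constructed.

# Return 0 if $1 is a well-formed IPv4 CIDR (octets 0-255, prefix 0-32).
is_ipv4_cidr() {
    case $1 in
        ''|*/*/*|*[!0-9./]*) return 1 ;;   # digits, dots and one slash only
        */*) ;;
        *) return 1 ;;
    esac
    _ip=${1%/*}; _prefix=${1#*/}
    case $_prefix in ''|???*) return 1 ;; esac
    [ "$_prefix" -le 32 ] || return 1
    case $_ip in *.*.*.*.*|.*|*.|*..*) return 1 ;; *.*.*.*) ;; *) return 1 ;; esac
    _old_ifs=$IFS; IFS=.
    set -- $_ip                            # split the address into octets
    IFS=$_old_ifs
    for _o in "$@"; do
        case $_o in ????*) return 1 ;; esac
        [ "$_o" -le 255 ] || return 1
    done
}

# Read a list on stdin and print `ipset restore` lines for set name $1.
# A malformed line (e.g. an HTML error page) or an empty list fails with no output.
cidr_list_to_ipset() {
    _name=$1; _count=0; _out=
    _cr=$(printf '\r')
    while IFS= read -r _line || [ -n "$_line" ]; do
        _line=${_line%"$_cr"}              # tolerate CRLF line endings
        case $_line in ''|'#'*) continue ;; esac
        if ! is_ipv4_cidr "$_line"; then
            echo "rejecting list: bad entry '$_line'" >&2
            return 1
        fi
        _out="${_out}add $_name $_line
"
        _count=$((_count + 1))
    done
    [ "$_count" -gt 0 ] || { echo "rejecting list: no entries" >&2; return 1; }
    printf 'create %s hash:net family inet\n%s' "$_name" "$_out"
}

# Constructed sample input (RFC 5737 documentation ranges).
SAMPLE_LIST='192.0.2.0/24
198.51.100.0/24
203.0.113.0/24'
printf '%s\n' "$SAMPLE_LIST" | cidr_list_to_ipset CLOUDFLARE
```

The output is in the format `ipset restore` reads; on a Hestia server the set itself is still created with `v-add-firewall-ipset` as shown in the thread, and this check only confirms the source list is sane first.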

If you are going to use Hestia as a mail server, you should not use 1.1.1.1 as the DNS resolver or you will have problems receiving mail from external domains because the Spamhaus block list will block ALL the IPs (Spamhaus doesn’t allow public resolvers to query their DNS).

If you still want to use DNS resolver 1.1.1.1 and also Spamhaus to block spammers, take a look at this doc:

Email and mail server | Hestia Control Panel

2 Likes