Using a Firewall with CloudFlare

If you use CloudFlare's CDN (content delivery network), you can create a ruleset in HeatShield to only allow HTTP/HTTPS access to your server from those IP addresses belonging to CloudFlare.

CloudFlare provides a list of its IP ranges that you can use to create the rules in your ruleset.

Limiting HTTP and HTTPS to CloudFlare's IP Addresses

To configure your firewall so only CloudFlare can make HTTP and HTTPS requests to your servers, you will need to create a ruleset in HeatShield.

If you haven't upgraded this server yet, do so now. Once upgraded, you'll be able to use custom rulesets on this server.

First, open your Rulesets page and click Create Ruleset.

Next, name your ruleset and click Create Ruleset.

Now, create a new HTTP rule by selecting the policy, the destination, and the source.

Set the Policy to Allow and the Destination to HTTP.

Select Custom from the Source dropdown and enter the first IP range given in CloudFlare's list. Click Add.

Repeat this step for each of the IP ranges in CloudFlare's list.

When you finish your rules for HTTP, you will need to create your rules for HTTPS.

This time set the Policy to Allow and the Destination to HTTPS.

Select Custom from the Source dropdown and enter the first IP range from CloudFlare's list. Click Add.

Repeat this step for each of the IP ranges in CloudFlare's list.

Applying the CloudFlare Ruleset

To apply your new CloudFlare ruleset to your server, open your server in HeatShield.

Select your CloudFlare ruleset from the drop-down list and click Apply Ruleset.

Then, click Remove next to the default HTTP/HTTPS ruleset.

Your new ruleset will now be applied to your server.

Remember, you can apply your CloudFlare ruleset to any number of servers. You don't need to create a new CloudFlare ruleset for each server.

Last updated: August 24, 2016

Still Have Questions?

Don't hesitate to contact us if you can't find the answers to your questions.